CVE-2026-62309 in CoreDNSالمعلومات

الملخص

بحسب MITRE • 16/07/2026

CoreDNS is a DNS server written in Go. Prior to 1.14.4, a single 28-byte UDP datagram can crash the CoreDNS process when the proxyproto plugin is enabled because plugin/pkg/proxyproto/proxyproto.go PacketConn.ReadFrom handles a PROXY v2 header with non-UDP transport such as family byte 0x11, reassigns addr from a nil readFrom result after parseProxyProtocol errors, and calls addr.String() in the warning log before ServeDNS recovery applies. This issue is fixed in version 1.14.4.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

GitHub M

حجز

13/07/2026

إفشاء

16/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-379643

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!