CoreDNS Vulnerability Let Attackers Exhaust Server Memory Via Amplification Attack
- Source: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
A high-severity security vulnerability has been discovered in CoreDNS, one of the most widely used DNS servers in cloud-native environments, particularly within Kubernetes clusters.
The flaw, designated as CVE-2025-47950, allows remote attackers to exhaust server memory through DNS-over-QUIC (DoQ) stream amplification attacks, potentially causing complete service outages in containerized environments.
The vulnerability resides in CoreDNS’s server_quic.go implementation, where the DNS-over-QUIC server creates an unlimited number of goroutines for incoming QUIC streams without imposing concurrency controls.
CoreDNS DNS-over-QUIC Vulnerability
This fundamental design flaw enables attackers to exploit the 1:1 stream-to-goroutine mapping model by opening numerous concurrent streams from a single connection point.
The attack vector demonstrates concerning simplicity, requiring no authentication, minimal bandwidth consumption, and low computational resources from the attacker’s perspective.
A remote, unauthenticated adversary can systematically open large volumes of QUIC streams, triggering uncontrolled memory allocation that eventually leads to Out Of Memory (OOM) conditions.
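The difference between one goroutine per stream and a capped handler pool can be shown with a small simulation. This is an added illustration, not code from CoreDNS's server_quic.go; the function serve, its limit parameter and the refuse-when-full policy are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// serve simulates one connection on which the peer opens n streams and leaves
// them idle; each handler goroutine parks until release is closed.
// limit <= 0 models the uncapped 1:1 stream-to-goroutine mapping; limit > 0
// admits at most limit concurrent handlers and refuses the rest (hypothetical).
func serve(n, limit int) (peak, refused int) {
	if limit <= 0 {
		limit = n // no cap: every stream gets its own goroutine
	}
	sem := make(chan struct{}, limit) // counting semaphore of handler slots
	release := make(chan struct{})
	var active int64
	var started, done sync.WaitGroup
	for i := 0; i < n; i++ {
		select {
		case sem <- struct{}{}: // slot free, admit the stream
		default: // at capacity: refuse instead of spawning
			refused++
			continue
		}
		started.Add(1)
		done.Add(1)
		go func() {
			defer done.Done()
			atomic.AddInt64(&active, 1)
			started.Done()
			<-release // stream held open by the peer
			<-sem     // give the slot back
		}()
	}
	started.Wait() // every admitted handler is now parked
	peak = int(atomic.LoadInt64(&active))
	close(release)
	done.Wait()
	return peak, refused
}

func main() {
	fmt.Println(serve(5000, 0))   // uncapped: live handlers track the stream count
	fmt.Println(serve(5000, 256)) // capped: live handlers stop at the limit
}
```

With no cap, the number of live goroutines (and the memory behind their stacks and buffers) is set by the peer; with a cap, it is set by the server's configuration.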
The vulnerability specifically targets deployments with the quic:// protocol enabled in the Corefile configuration, making it particularly dangerous for organizations implementing modern DNS-over-QUIC infrastructure for enhanced privacy and performance.
Security researchers have classified this as a high-impact availability vulnerability, with the potential for complete service disruption.
In memory-constrained environments such as Kubernetes pods or containerized deployments, the impact becomes even more severe, as resource limitations can accelerate the progression toward system failure.
The vulnerability discovery is credited to @thevilledev, who not only identified the security flaw but also contributed a high-quality remediation implementation.
Risk Factors | Details
Affected Products | CoreDNS versions