Bug 2219234 (CVE-2024-0874) - CVE-2024-0874 coredns: CD bit response is cached and served later
Summary: CVE-2024-0874 coredns: CD bit response is cached and served later
Keywords:
Status: NEW
Alias: CVE-2024-0874
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2255536
Blocks: 2219503
TreeView+ depends on / blocked
 
Reported: 2023-07-03 05:10 UTC by TEJ RATHI
Modified: 2024-09-11 18:34 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:0041 0 None None None 2024-06-27 11:23:38 UTC
Red Hat Product Errata RHSA-2024:4850 0 None None None 2024-07-31 00:29:36 UTC
Red Hat Product Errata RHSA-2024:6009 0 None None None 2024-09-04 07:57:05 UTC
Red Hat Product Errata RHSA-2024:6406 0 None None None 2024-09-11 18:34:18 UTC

Description TEJ RATHI 2023-07-03 05:10:52 UTC 
Coredns mishandling of CI bit: CD bit response is cached and served later

What happened:
If CD bit is set in query, it disables validation at remote server

What you expected to happen:
CD queries may pass, but the same answer must not be served to queries without CD bit set

https://github.com/coredns/coredns/issues/6186
Comment 4 Anten Skrabec 2023-12-21 17:27:35 UTC 
Created golang-github-coredns-corefile-migration tracking bugs for this issue:

Affects: fedora-all [bug 2255536]
Comment 5 errata-xmlrpc 2024-06-27 11:23:36 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041
Comment 6 errata-xmlrpc 2024-07-31 00:29:34 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:4850 https://access.redhat.com/errata/RHSA-2024:4850
Comment 7 errata-xmlrpc 2024-09-04 07:57:04 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:6009 https://access.redhat.com/errata/RHSA-2024:6009
Comment 8 errata-xmlrpc 2024-09-11 18:34:17 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:6406 https://access.redhat.com/errata/RHSA-2024:6406
Note You need to log in before you can comment on or make changes to this bug.