2219234 – (CVE-2024-0874) CVE-2024-0874 coredns: CD bit response is cached and served later

Bug 2219234 (CVE-2024-0874) - CVE-2024-0874 coredns: CD bit response is cached and served later

Summary: CVE-2024-0874 coredns: CD bit response is cached and served later

Keywords:
Status:	NEW
Alias:	CVE-2024-0874
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2255536
Blocks:	2219503
TreeView+	depends on / blocked

Reported:	2023-07-03 05:10 UTC by TEJ RATHI
Modified:	2024-02-07 20:30 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-07-03 05:10:52 UTC

Coredns mishandling of CI bit: CD bit response is cached and served later

What happened:
If CD bit is set in query, it disables validation at remote server

What you expected to happen:
CD queries may pass, but the same answer must not be served to queries without CD bit set

https://github.com/coredns/coredns/issues/6186

Comment 4 Anten Skrabec 2023-12-21 17:27:35 UTC

Created golang-github-coredns-corefile-migration tracking bugs for this issue:

Affects: fedora-all [bug 2255536]

Note You need to log in before you can comment on or make changes to this bug.