Home

Description

A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.

PUBLISHED Reserved 2024-01-24 | Published 2024-04-25 | Updated 2026-01-04 | Assigner redhat




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

Use of Cache Containing Sensitive Information

Product status

Default status
unaffected

Any version before 1.11.2
affected

Default status
affected

v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8 (rpm) before *
unaffected

Default status
affected

v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8 (rpm) before *
unaffected

Default status
affected

v4.15.0-202407230407.p0.g1326282.assembly.stream.el9 (rpm) before *
unaffected

Default status
affected

v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9 (rpm) before *
unaffected

Default status
unaffected

Default status
affected

Timeline

2023-07-03:Reported to Red Hat.
2023-07-03:Made public.

Credits

This issue was discovered by Petr Mensik (Red Hat).

References

access.redhat.com/errata/RHSA-2024:0041 (RHSA-2024:0041) vendor-advisory

access.redhat.com/security/cve/CVE-2024-0874 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2219234 (RHBZ#2219234) issue-tracking

github.com/coredns/coredns/issues/6186

github.com/coredns/coredns/pull/6354

access.redhat.com/errata/RHSA-2024:0041 (RHSA-2024:0041) vendor-advisory

access.redhat.com/errata/RHSA-2024:4850 (RHSA-2024:4850) vendor-advisory

access.redhat.com/errata/RHSA-2024:6009 (RHSA-2024:6009) vendor-advisory

access.redhat.com/errata/RHSA-2024:6406 (RHSA-2024:6406) vendor-advisory

access.redhat.com/security/cve/CVE-2024-0874 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2219234 (RHBZ#2219234) issue-tracking

github.com/coredns/coredns/issues/6186

github.com/coredns/coredns/pull/6354

cve.org (CVE-2024-0874)

nvd.nist.gov (CVE-2024-0874)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.