Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A single unauthenticated remote datagram reliably crashes the process (AV:N/AC:L/PR:N/UI:N) with availability-only impact; the proxyproto config precondition is not a CVSS metric so A:H, C/I:N.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
CoreDNS is a DNS server written in Go. Prior to 1.14.4, a single 28-byte UDP datagram can crash the CoreDNS process when the proxyproto plugin is enabled because plugin/pkg/proxyproto/proxyproto.go PacketConn.ReadFrom handles a PROXY v2 header with non-UDP transport such as family byte 0x11, reassigns addr from a nil readFrom result after parseProxyProtocol errors, and calls addr.String() in the warning log before ServeDNS recovery applies. This issue is fixed in version 1.14.4.
AnalysisAI
Remote denial of service in CoreDNS versions prior to 1.14.4 allows an unauthenticated attacker to crash the DNS server with a single 28-byte UDP datagram when the proxyproto plugin is enabled. The malformed PROXY protocol v2 header triggers a nil pointer dereference in the PacketConn.ReadFrom log path, killing the process before per-request recovery can intervene. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the CoreDNS proxyproto plugin to be enabled and the attacker to be able to send a UDP datagram to the CoreDNS listener; the malicious packet must carry a valid PROXY protocol v2 signature but declare a non-UDP transport family byte (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base 7.5) is credible for the availability-only impact: a network attacker with no privileges or user interaction sends one small datagram to crash the daemon. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the CoreDNS UDP port of a server running the proxyproto plugin sends a single 28-byte datagram whose PROXY v2 header declares a non-UDP transport family (0x11). Parsing fails, addr becomes nil, and the warning-log call to addr.String() panics outside recovery, terminating the CoreDNS process and taking down DNS resolution. … |
| Remediation | Vendor-released patch: 1.14.4 - upgrade CoreDNS to v1.14.4 or later (https://github.com/coredns/coredns/releases/tag/v1.14.4), which changes ReadFrom to log using a preserved peer address instead of the nil-reassigned addr (PR https://github.com/coredns/coredns/pull/8154, commit 60a439dd4febfcd78e3779e952fe3fbf3c16bb1f). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit CoreDNS deployments to identify affected versions (prior to 1.14.4) and instances with the proxyproto plugin enabled, documenting all production DNS servers. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Coredns versions up to 1.14.2 contains a vulnerability that allows attackers to crash the DNS server by sending speciall
CoreDNS versions prior to 1.14.2 allow authenticated attackers to bypass DNS access controls through a Time-of-Check Tim
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTT
A denial of service vulnerability in versions (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vend
Nil pointer dereference in CoreDNS prior to 1.14.5 allows remote unauthenticated attackers to crash or degrade the DNS s
Unhandled Go runtime panic in CoreDNS 1.9.4 through 1.14.4 allows a network-reachable DNS client with AXFR permission to
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45019