{"id":"GO-2026-4289","summary":"CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns","details":"CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns","aliases":["CVE-2025-68151","GHSA-527x-5wrf-22m2"],"modified":"2026-03-17T05:09:29.662322Z","published":"2026-01-12T17:39:39Z","related":["CGA-f6c8-358q-hcm4"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4289"},"references":[{"type":"ADVISORY","url":"https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68151"},{"type":"FIX","url":"https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"},{"type":"FIX","url":"https://github.com/coredns/coredns/pull/7490"}],"affected":[{"package":{"name":"github.com/coredns/coredns","ecosystem":"Go","purl":"pkg:golang/github.com/coredns/coredns"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4289.json"}}],"schema_version":"1.7.5"}