CVE-2025-58063 — Incorrect Conversion between Numeric Types in Coredns Coredns

CWE-681 — Incorrect Conversion between Numeric Types CWE-401 — Missing Release of Memory after Effective Lifetime7 documents5 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 79.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Coredns Coredns Coredns Msrc Azl3 Coredns 1.11.4-7 ON Azure Linux 3.0 +4 more

Timeline

PublishedSep 9

Latest updateSep 17

Description

CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The `TTL()` function in `plugin/etcd/etcd.go` incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very lar…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages7 packages

▶Gogithub.com/coredns_coredns1.2.0 — 1.12.4

▶CVEListV5coredns/coredns>= 1.2.0, < 1.12.4

▶msrcmsrc/azl3_coredns_1.11.4-7_on_azure_linux_3.0

▶msrcmsrc/azl3_coredns_1.11.4-8_on_azure_linux_3.0

▶msrcmsrc/cbl2_coredns_1.11.1-19_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion in github.com/coredns/coredns↗2025-09-17

▶

GHSA

CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion↗2025-09-09

▶

OSV

CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion↗2025-09-09

▶

📋Vendor Advisories

Microsoft

CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion↗2025-09-09

▶

Red Hat

github.com/coredns/coredns: CoreDNS Lease ID Confusion↗2025-09-09

▶

Microsoft

wifi: rtlwifi: fix memory leaks and invalid access at probe error path↗2025-03-11

▶