blob: d444bc633d5c3873c53125f1151d1cae5fe137ed [file] [log] [blame]
id: GO-2020-0006
modules:
- module: github.com/miekg/dns
versions:
- fixed: 1.0.4-0.20180125103619-43913f2f4fbd
vulnerable_at: 1.0.3
packages:
- package: github.com/miekg/dns
symbols:
- Server.serveTCP
derived_symbols:
- ActivateAndServe
- ListenAndServe
- ListenAndServeTLS
- Server.ActivateAndServe
- Server.ListenAndServe
summary: Denial of service via open idle connection in github.com/miekg/dns
description: |-
An attacker may prevent TCP connections to a Server by opening a connection and
leaving it idle, until the connection is closed by the server no other
connections will be accepted.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2017-15133
ghsas:
- GHSA-p55x-7x9v-q8m4
credits:
- Pedro Sampaio
references:
- fix: https://github.com/miekg/dns/pull/631
- fix: https://github.com/miekg/dns/commit/43913f2f4fbd7dcff930b8a809e709591e4dd79e
review_status: REVIEWED