| id: GO-2020-0006 |
| modules: |
| - module: github.com/miekg/dns |
| versions: |
| - fixed: 1.0.4-0.20180125103619-43913f2f4fbd |
| vulnerable_at: 1.0.3 |
| packages: |
| - package: github.com/miekg/dns |
| symbols: |
| - Server.serveTCP |
| derived_symbols: |
| - ActivateAndServe |
| - ListenAndServe |
| - ListenAndServeTLS |
| - Server.ActivateAndServe |
| - Server.ListenAndServe |
| summary: Denial of service via open idle connection in github.com/miekg/dns |
| description: |- |
| An attacker may prevent TCP connections to a Server by opening a connection and |
| leaving it idle, until the connection is closed by the server no other |
| connections will be accepted. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2017-15133 |
| ghsas: |
| - GHSA-p55x-7x9v-q8m4 |
| credits: |
| - Pedro Sampaio |
| references: |
| - fix: https://github.com/miekg/dns/pull/631 |
| - fix: https://github.com/miekg/dns/commit/43913f2f4fbd7dcff930b8a809e709591e4dd79e |
| review_status: REVIEWED |