CVE-2017-15133
HIGH7.5EPSS 0.67%Denial of service via open idle connection in github.com/miekg/dns
Published: 6/29/2021Modified: 4/28/2026
Description
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.
Affected packages (3)
- Debian/golang-github-miekg-dnsfrom 0, < 0.0~git20170501.0.f282f80-3
- Go/github.com/miekg/dnsfrom 0, < 1.0.4
- Go/github.com/miekg/dnsfrom 0, < 1.0.4-0.20180125103619-43913f2f4fbd
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-15133
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-15133
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1538763
- WEBhttps://github.com/miekg/dns/commit/43913f2f4fbd7dcff930b8a809e709591e4dd79e
- WEBhttps://github.com/miekg/dns/issues/627
- WEBhttps://github.com/miekg/dns/pull/631
- WEBhttps://pkg.go.dev/vuln/GO-2020-0006