CVE-2017-15133: Denial of Service in miekg-dns

CVSS Score: 7.5

Basic Information

EPSS Score: -
Published: 6/29/2021
Updated: 1/23/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name: github.com/miekg/dns
Ecosystem: go
Vulnerable Versions: < 1.0.4
First Patched Version: 1.0.4

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from TCP connection handling in serveTCP. The pre-1.0.4 implementation called reader.ReadTCP in the main accept loop (before spawning per-connection goroutines), which would block on idle connections. This is evident from the fix in commit 43913f2 which moved ReadTCP into the per-connection goroutine. The Go vulnerability report (GO-2020-0006) and CVE description both confirm this TCP handling flaw. While public methods like ListenAndServe are entry points, the root vulnerability resides in serveTCP's connection handling logic.
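
The blocking pattern described above, as an added Go sketch that is not code from miekg/dns or from this page: `serve`, `reply` and `secondClientServed` are hypothetical names, a channel of in-memory `net.Pipe` connections stands in for the listener's accept call, and a newline-terminated string stands in for a DNS message. It can serve as a regression check that a stalled peer does not hold up later clients.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"time"
)

// serve models an accept loop; conns stands in for Listener.Accept (assumption).
// readInLoop=true reads in the loop itself, so one idle peer stalls the rest.
func serve(conns <-chan net.Conn, readInLoop bool) {
	for c := range conns {
		if readInLoop {
			line, err := bufio.NewReader(c).ReadString('\n') // blocks the loop
			go reply(c, line, err)
			continue
		}
		go func(c net.Conn) { // read moved into the per-connection goroutine
			line, err := bufio.NewReader(c).ReadString('\n')
			reply(c, line, err)
		}(c)
	}
}

func reply(c net.Conn, line string, err error) {
	defer c.Close()
	if err == nil {
		fmt.Fprintf(c, "ok %s", line)
	}
}

// secondClientServed: a silent peer is queued first; is the next client answered?
func secondClientServed(readInLoop bool) bool {
	conns := make(chan net.Conn, 2)
	defer close(conns)
	go serve(conns, readInLoop)
	idleClient, idleServer := net.Pipe() // constructed in-memory connections
	client, server := net.Pipe()
	defer func() { idleClient.Close(); client.Close() }()
	conns <- idleServer
	conns <- server
	client.SetDeadline(time.Now().Add(500 * time.Millisecond))
	fmt.Fprint(client, "query\n") // times out if the server never reads
	resp, err := bufio.NewReader(client).ReadString('\n')
	return err == nil && resp == "ok query\n"
}

func main() { fmt.Println(secondClientServed(true), secondClientServed(false)) }
```

With the read in the loop the second client times out; with the read in the goroutine it is answered while the first connection is still idle.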

A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.