Описание
miekg/dns insecurely generates random numbers
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-19794
- https://github.com/coredns/coredns/issues/3519
- https://github.com/coredns/coredns/issues/3547
- https://github.com/miekg/dns/issues/1037
- https://github.com/miekg/dns/issues/1043
- https://github.com/miekg/dns/pull/1044
- https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
- https://github.com/miekg/dns/compare/v1.1.24...v1.1.25
- https://pkg.go.dev/vuln/GO-2020-0008
Пакеты
github.com/miekg/dns
< 1.1.25
1.1.25
Связанные уязвимости
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...