Описание
Improper random number generation in github.com/coredns/coredns
Impact
CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Patches
The problem has been fixed in 1.6.6+.
References
For more information
Please consult our security guide for more information regarding our security process.
Пакеты
Наименование
github.com/coredns/coredns
go
Затронутые версииВерсия исправления
< 1.6.6
1.6.6
Дефекты
CWE-330
Дефекты
CWE-330