Описание
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Ссылки
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2