Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19794

Опубликовано: 05 дек. 2019
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 16.2osp-director-provisioner-containerAffected
Red Hat OpenStack Platform 16.2rhosp-rhel8-tech-preview/osp-director-downloaderWill not fix
Red Hat OpenShift Jaeger 1.20distributed-tracing/jaeger-rhel8-operatorFixedRHSA-2020:519824.11.2020
Red Hat OpenStack Platform 16.2rhosp-rhel8-tech-preview/osp-director-operatorFixedRHSA-2022:218311.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-338
https://bugzilla.redhat.com/show_bug.cgi?id=1786761golang-github-miekg-dns: predictable TXID can lead to response forgeries

EPSS

Процентиль: 53%
0.00297
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19794

CVSS3: 5.9
ubuntu
около 6 лет назад

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

nvd логотип

CVE-2019-19794

CVSS3: 5.9
nvd
около 6 лет назад

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

debian логотип

CVE-2019-19794

CVSS3: 5.9
debian
около 6 лет назад

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...

github логотип

GHSA-44r7-7p62-q3fr

CVSS3: 5.9
github
больше 4 лет назад

miekg/dns insecurely generates random numbers

EPSS

Процентиль: 53%
0.00297
Низкий

5.9 Medium

CVSS3