data/reports/GO-2020-0008.yaml - vulndb - Git at Google

 id: GO-2020-0008
 modules:
     - module: github.com/miekg/dns
       versions:
         - fixed: 1.1.25-0.20191211073109-8ebf2e419df7
       vulnerable_at: 1.1.24
       packages:
         - package: github.com/miekg/dns
           symbols:
             - id
           derived_symbols:
             - Msg.SetAxfr
             - Msg.SetIxfr
             - Msg.SetNotify
             - Msg.SetQuestion
             - Msg.SetUpdate
 summary: Insecure generation of random numbers in github.com/miekg/dns
 description: |-
     DNS message transaction IDs are generated using math/rand which makes them
     relatively predictable. This reduces the complexity of response spoofing attacks
     against DNS clients.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2019-19794
 ghsas:
     - GHSA-44r7-7p62-q3fr
 references:
     - fix: https://github.com/miekg/dns/pull/1044
     - fix: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
     - web: https://github.com/miekg/dns/issues/1037
     - web: https://github.com/miekg/dns/issues/1043
	id: GO-2020-0008
	modules:
	- module: github.com/miekg/dns
	versions:
	- fixed: 1.1.25-0.20191211073109-8ebf2e419df7
	vulnerable_at: 1.1.24
	packages:
	- package: github.com/miekg/dns
	symbols:
	- id
	derived_symbols:
	- Msg.SetAxfr
	- Msg.SetIxfr
	- Msg.SetNotify
	- Msg.SetQuestion
	- Msg.SetUpdate
	summary: Insecure generation of random numbers in github.com/miekg/dns
	description: \|-
	DNS message transaction IDs are generated using math/rand which makes them
	relatively predictable. This reduces the complexity of response spoofing attacks
	against DNS clients.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-19794
	ghsas:
	- GHSA-44r7-7p62-q3fr
	references:
	- fix: https://github.com/miekg/dns/pull/1044
	- fix: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
	- web: https://github.com/miekg/dns/issues/1037
	- web: https://github.com/miekg/dns/issues/1043