data/reports/GO-2020-0008.yaml - vulndb - Git at Google

 modules:
   - module: github.com/miekg/dns
     versions:
       - fixed: 1.1.25-0.20191211073109-8ebf2e419df7
     vulnerable_at: 1.1.24
     packages:
       - package: github.com/miekg/dns
         symbols:
           - id
         derived_symbols:
           - Msg.SetAxfr
           - Msg.SetIxfr
           - Msg.SetNotify
           - Msg.SetQuestion
           - Msg.SetUpdate
 description: |
     DNS message transaction IDs are generated using math/rand which
     makes them relatively predictable. This reduces the complexity
     of response spoofing attacks against DNS clients.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2019-19794
 ghsas:
   - GHSA-44r7-7p62-q3fr
 references:
   - fix: https://github.com/miekg/dns/pull/1044
   - fix: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
   - web: https://github.com/miekg/dns/issues/1037
   - web: https://github.com/miekg/dns/issues/1043
	modules:
	- module: github.com/miekg/dns
	versions:
	- fixed: 1.1.25-0.20191211073109-8ebf2e419df7
	vulnerable_at: 1.1.24
	packages:
	- package: github.com/miekg/dns
	symbols:
	- id
	derived_symbols:
	- Msg.SetAxfr
	- Msg.SetIxfr
	- Msg.SetNotify
	- Msg.SetQuestion
	- Msg.SetUpdate
	description: \|
	DNS message transaction IDs are generated using math/rand which
	makes them relatively predictable. This reduces the complexity
	of response spoofing attacks against DNS clients.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-19794
	ghsas:
	- GHSA-44r7-7p62-q3fr
	references:
	- fix: https://github.com/miekg/dns/pull/1044
	- fix: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
	- web: https://github.com/miekg/dns/issues/1037
	- web: https://github.com/miekg/dns/issues/1043