data/reports: update GO-2024-3134
- data/reports/GO-2024-3134.yaml
Updates golang/vulndb#3134
Fixes golang/vulndb#3159
Change-Id: Ic39b8e8695e8a759860ddffae684465ad64999db
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/616058
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2024-3134.json b/data/osv/GO-2024-3134.json
index e718b1c..b67672b 100644
--- a/data/osv/GO-2024-3134.json
+++ b/data/osv/GO-2024-3134.json
@@ -8,7 +8,7 @@
"GHSA-h92q-fgpp-qhrq"
],
"summary": "CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns",
- "details": "CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns",
+ "details": "CoreDNS enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.",
"affected": [
{
"package": {
@@ -21,11 +21,23 @@
"events": [
{
"introduced": "0"
+ },
+ {
+ "fixed": "1.11.0"
}
]
}
],
- "ecosystem_specific": {}
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/coredns/coredns/plugin/pkg/proxy",
+ "symbols": [
+ "Proxy.Connect"
+ ]
+ }
+ ]
+ }
}
],
"references": [
@@ -34,8 +46,8 @@
"url": "https://github.com/advisories/GHSA-h92q-fgpp-qhrq"
},
{
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30464"
+ "type": "FIX",
+ "url": "https://github.com/coredns/coredns/commit/604a902e2c7e0317aecaa3666124079c75a31573"
},
{
"type": "WEB",
@@ -44,6 +56,6 @@
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3134",
- "review_status": "UNREVIEWED"
+ "review_status": "REVIEWED"
}
}
\ No newline at end of file
diff --git a/data/reports/GO-2024-3134.yaml b/data/reports/GO-2024-3134.yaml
index c9a0c39..ae4ba0e 100644
--- a/data/reports/GO-2024-3134.yaml
+++ b/data/reports/GO-2024-3134.yaml
@@ -1,19 +1,26 @@
id: GO-2024-3134
modules:
- module: github.com/coredns/coredns
- unsupported_versions:
- - last_affected: 1.10.1
- vulnerable_at: 1.11.3
+ versions:
+ - fixed: 1.11.0
+ vulnerable_at: 1.10.1
+ packages:
+ - package: github.com/coredns/coredns/plugin/pkg/proxy
+ symbols:
+ - Proxy.Connect
summary: CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns
+description: |-
+ CoreDNS enables attackers to achieve DNS cache poisoning and inject fake
+ responses via a birthday attack.
cves:
- CVE-2023-30464
ghsas:
- GHSA-h92q-fgpp-qhrq
references:
- advisory: https://github.com/advisories/GHSA-h92q-fgpp-qhrq
- - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30464
+ - fix: https://github.com/coredns/coredns/commit/604a902e2c7e0317aecaa3666124079c75a31573
- web: https://gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba
source:
id: GHSA-h92q-fgpp-qhrq
- created: 2024-09-19T14:01:01.383066775Z
-review_status: UNREVIEWED
+ created: 2024-09-26T13:39:52.381917-04:00
+review_status: REVIEWED
