id: GO-2020-0008
modules:
    - module: github.com/miekg/dns
      versions:
        - fixed: 1.1.25-0.20191211073109-8ebf2e419df7
      vulnerable_at: 1.1.24
      packages:
        - package: github.com/miekg/dns
          symbols:
            - id
          derived_symbols:
            - Msg.SetAxfr
            - Msg.SetIxfr
            - Msg.SetNotify
            - Msg.SetQuestion
            - Msg.SetUpdate
summary: Insecure generation of random numbers in github.com/miekg/dns
description: |-
    DNS message transaction IDs are generated using math/rand which makes them
    relatively predictable. This reduces the complexity of response spoofing attacks
    against DNS clients.
published: 2021-04-14T20:04:52Z
cves:
    - CVE-2019-19794
ghsas:
    - GHSA-44r7-7p62-q3fr
references:
    - fix: https://github.com/miekg/dns/pull/1044
    - fix: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
    - web: https://github.com/miekg/dns/issues/1037
    - web: https://github.com/miekg/dns/issues/1043
review_status: REVIEWED