Improper random number generation in github.com/coredns/coredns

Impact

CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

Patches

The problem has been fixed in 1.6.6+.

References

CVE-2019-19794

For more information

Please consult our security guide for more information regarding our security process.

References

GHSA-gv9j-4w24-q7vx

yongtang published to coredns/coredns Feb 26, 2022

Published to the GitHub Advisory Database Mar 1, 2022

Reviewed Mar 1, 2022

Last updated Jan 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Impact

Patches

References

For more information

References

Severity

Weaknesses

CVE ID

GHSA ID

Source code