Moderate severityNVD Advisory· Published Dec 13, 2019· Updated Aug 5, 2024
CVE-2019-19794
CVE-2019-19794
Description
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/miekg/dnsGo | < 1.1.25 | 1.1.25 |
Affected products
2- miekg/Go DNS packagedescription
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-44r7-7p62-q3frghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-19794ghsaADVISORY
- github.com/coredns/coredns/issues/3519ghsax_refsource_MISCWEB
- github.com/coredns/coredns/issues/3547ghsax_refsource_CONFIRMWEB
- github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33ghsaWEB
- github.com/miekg/dns/compare/v1.1.24...v1.1.25ghsax_refsource_MISCWEB
- github.com/miekg/dns/issues/1037ghsaWEB
- github.com/miekg/dns/issues/1043ghsax_refsource_MISCWEB
- github.com/miekg/dns/pull/1044ghsax_refsource_MISCWEB
- pkg.go.dev/vuln/GO-2020-0008ghsaWEB
News mentions
0No linked articles in our index yet.