VYPR

Go modules package

github.com/miekg/dns

pkg:golang/github.com/miekg/dns

Vulnerabilities (3)

  • CVE-2019-19794Dec 13, 2019
    affected < 1.1.25fixed 1.1.25

    The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

  • CVE-2018-17419Mar 7, 2019
    affected < 1.0.10fixed 1.0.10

    An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.

  • CVE-2017-15133HigJan 29, 2018
    affected < 1.0.4fixed 1.0.4

    A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.