Go modules package
github.com/miekg/dns
pkg:golang/github.com/miekg/dns
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19794 | — | < 1.1.25 | 1.1.25 | Dec 13, 2019 | The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | ||
| CVE-2018-17419 | — | < 1.0.10 | 1.0.10 | Mar 7, 2019 | An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. | ||
| CVE-2017-15133 | Hig | 7.5 | < 1.0.4 | 1.0.4 | Jan 29, 2018 | A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections. |
- CVE-2019-19794Dec 13, 2019affected < 1.1.25fixed 1.1.25
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
- CVE-2018-17419Mar 7, 2019affected < 1.0.10fixed 1.0.10
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.
- affected < 1.0.4fixed 1.0.4
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.