GHSA-gv9j-4w24-q7vx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gv9j-4w24-q7vx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-gv9j-4w24-q7vx/GHSA-gv9j-4w24-q7vx.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-gv9j-4w24-q7vx
- Aliases
- Related
- Published
- 2022-03-01T21:03:11Z
- Modified
- 2024-09-11T06:13:37.012745Z
- Summary
- Improper random number generation in github.com/coredns/coredns
- Details
-
Impact
CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Patches
The problem has been fixed in 1.6.6+.
References
For more information
Please consult our security guide for more information regarding our security process.
- Database specific
{ "severity": "MODERATE", "nvd_published_at": null, "github_reviewed": true, "cwe_ids": [ "CWE-330" ], "github_reviewed_at": "2022-03-01T21:03:11Z" }- References
Affected packages
Go / github.com/coredns/coredns
Package
- Name
- github.com/coredns/coredns
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/coredns/coredns