CVE-2019-19794 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Miekg-Dns Project Miekg-Dns
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/coredns/coredns/issues/3519
- https://github.com/coredns/coredns/issues/3547
- https://github.com/miekg/dns/compare/v1.1.24...v1.1.25
- https://github.com/miekg/dns/issues/1043
- https://github.com/miekg/dns/pull/1044