Published: 13/12/2019 Updated: 02/01/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The miekg Go DNS package prior to 1.1.25, as used in CoreDNS prior to 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

Vulnerable Product	Search on Vulmon	Subscribe to Product
miekg-dns project miekg-dns

Debian Bug report logs - #947403 golang-github-miekg-dns: CVE-2019-19794 Package: src:golang-github-miekg-dns; Maintainer for src:golang-github-miekg-dns is pkg-go <pkg-go-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 26 Dec 2019 13:21:01 UTC Severity: importan ...

Synopsis Moderate: Red Hat OpenShift Jaeger security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Jaeger 120Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...

Synopsis Moderate: Release of containers for OSP 162z director operator tech preview Type/Severity Security Advisory: Moderate Topic Red Hat OpenStack Platform 162 (Train) director Operator containers areavailable for technology preview Description Release osp-director-operator imagesSecurity Fix(es): golang: kubernetes: YAML parsing v ...

CWE-338 https://github.com/miekg/dns/issues/1043 https://github.com/coredns/coredns/issues/3519 https://github.com/miekg/dns/compare/v1.1.24...v1.1.25 https://github.com/miekg/dns/pull/1044 https://github.com/coredns/coredns/issues/3547 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947403 https://nvd.nist.gov

CVE-2019-19794

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect