RSS   Vulnerabilities for 'Miekg-dns'   RSS

2019-12-13
 
CVE-2019-19794

CWE-338
 

 
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

 
2018-01-29
 
CVE-2017-15133

CWE-400
 

 
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.

 


Copyright 2024, cxsecurity.com

 

Back to Top