You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Improper random number generation in github.com/coredns/coredns
Moderate severity
GitHub Reviewed
Published
Feb 26, 2022
in
coredns/coredns
•
Updated Jan 11, 2023
CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Impact
CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Patches
The problem has been fixed in 1.6.6+.
References
For more information
Please consult our security guide for more information regarding our security process.
References