{"id":"GO-2020-0008","summary":"Insecure generation of random numbers in github.com/miekg/dns","details":"DNS message transaction IDs are generated using math/rand which makes them relatively predictable. This reduces the complexity of response spoofing attacks against DNS clients.","aliases":["CVE-2019-19794","GHSA-44r7-7p62-q3fr"],"modified":"2024-05-20T16:03:47Z","published":"2021-04-14T20:04:52Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2020-0008","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/miekg/dns/pull/1044"},{"type":"FIX","url":"https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33"},{"type":"WEB","url":"https://github.com/miekg/dns/issues/1037"},{"type":"WEB","url":"https://github.com/miekg/dns/issues/1043"}],"affected":[{"package":{"name":"github.com/miekg/dns","ecosystem":"Go","purl":"pkg:golang/github.com/miekg/dns"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.1.25-0.20191211073109-8ebf2e419df7"}]}],"ecosystem_specific":{"imports":[{"symbols":["Msg.SetAxfr","Msg.SetIxfr","Msg.SetNotify","Msg.SetQuestion","Msg.SetUpdate","id"],"path":"github.com/miekg/dns"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2020-0008.json"}}],"schema_version":"1.7.3"}