CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
The problem has been fixed in 1.6.6+.
Please consult our security guide for more information regarding our security process.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/coredns/coredns | lt | 1.6.6 |