Lucene search

GoogleOSV:CVE-2019-19794

HistoryDec 13, 2019 - 10:15 p.m.

CVE-2019-19794

2019-12-1322:15:11

Google

osv.dev

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.8%

JSON

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

CPENameOperatorVersion
dnseq1.0.10
dnseq1.1.17
dnseq1.0.9
dnseq1.1.7
dnseq1.0.3
dnseq1.0.0
dnseq1.1.16
dnseq1.0.8
dnseq1.1.18
dnseq1.1.13

Name	Operator	Version
dns	eq	1.0.10
dns	eq	1.1.17
dns	eq	1.0.9
dns	eq	1.1.7
dns	eq	1.0.3
dns	eq	1.0.0
dns	eq	1.1.16
dns	eq	1.0.8
dns	eq	1.1.18
dns	eq	1.1.13

Rows per page:

1-10 of 401

References

github.com/coredns/coredns/issues/3519

github.com/coredns/coredns/issues/3547

github.com/miekg/dns/compare/v1.1.24...v1.1.25

github.com/miekg/dns/issues/1043

github.com/miekg/dns/pull/1044

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.8%

JSON

Related for OSV:CVE-2019-19794