data/reports: update GO-2024-3134

- data/reports/GO-2024-3134.yaml Updates #3134 Fixes #3159 Change-Id: Ic39b8e8695e8a759860ddffae684465ad64999db Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/616058 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
golang · Sep 26, 2024 · ce0a8b8 · ce0a8b8
1 parent 74aba44
commit ce0a8b8
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 11 deletions.
diff --git a/data/osv/GO-2024-3134.json b/data/osv/GO-2024-3134.json
@@ -8,7 +8,7 @@
     "GHSA-h92q-fgpp-qhrq"
   ],
   "summary": "CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns",
-  "details": "CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns",
+  "details": "CoreDNS enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.",
   "affected": [
     {
       "package": {
@@ -21,11 +21,23 @@
           "events": [
             {
               "introduced": "0"
+            },
+            {
+              "fixed": "1.11.0"
             }
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/coredns/coredns/plugin/pkg/proxy",
+            "symbols": [
+              "Proxy.Connect"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
@@ -34,8 +46,8 @@
       "url": "https://github.com/advisories/GHSA-h92q-fgpp-qhrq"
     },
     {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30464"
+      "type": "FIX",
+      "url": "https://github.com/coredns/coredns/commit/604a902e2c7e0317aecaa3666124079c75a31573"
     },
     {
       "type": "WEB",
@@ -44,6 +56,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-3134",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2024-3134.yaml b/data/reports/GO-2024-3134.yaml
@@ -1,19 +1,26 @@
 id: GO-2024-3134
 modules:
     - module: github.com/coredns/coredns
-      unsupported_versions:
-        - last_affected: 1.10.1
-      vulnerable_at: 1.11.3
+      versions:
+        - fixed: 1.11.0
+      vulnerable_at: 1.10.1
+      packages:
+        - package: github.com/coredns/coredns/plugin/pkg/proxy
+          symbols:
+            - Proxy.Connect
 summary: CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns
+description: |-
+    CoreDNS enables attackers to achieve DNS cache poisoning and inject fake
+    responses via a birthday attack.
 cves:
     - CVE-2023-30464
 ghsas:
     - GHSA-h92q-fgpp-qhrq
 references:
     - advisory: https://github.com/advisories/GHSA-h92q-fgpp-qhrq
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-30464
+    - fix: https://github.com/coredns/coredns/commit/604a902e2c7e0317aecaa3666124079c75a31573
     - web: https://gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba
 source:
     id: GHSA-h92q-fgpp-qhrq
-    created: 2024-09-19T14:01:01.383066775Z
-review_status: UNREVIEWED
+    created: 2024-09-26T13:39:52.381917-04:00
+review_status: REVIEWED