Filtered by vendor Daniel Stenberg Subscriptions
Filtered by product C-ares Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-3153 1 Daniel Stenberg 1 C-ares 2024-11-21 N/A
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
CVE-2007-3152 1 Daniel Stenberg 1 C-ares 2024-11-21 N/A
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.