Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
daniel stenberg c-ares 1.2.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-3152
c-ares prior to 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote malicious users to spoof DNS responses by guessing the field value.
Daniel Stenberg C-ares 1.0
Daniel Stenberg C-ares 1.3.2
Daniel Stenberg C-ares 1.1
Daniel Stenberg C-ares 1.2
Daniel Stenberg C-ares 1.2.1
Daniel Stenberg C-ares 1.3
Daniel Stenberg C-ares 1.3.1
5
CVSSv2
CVE-2007-3153
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote malicious users to spoof DNS responses by guessing certain values.
Daniel Stenberg C-ares 1.0
Daniel Stenberg C-ares 1.1
Daniel Stenberg C-ares 1.3.2
Daniel Stenberg C-ares 1.2
Daniel Stenberg C-ares 1.2.1
Daniel Stenberg C-ares 1.3
Daniel Stenberg C-ares 1.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started