c-ares prior to 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote malicious users to spoof DNS responses by guessing the field value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
daniel stenberg c-ares 1.0 |
||
daniel stenberg c-ares 1.3.2 |
||
daniel stenberg c-ares 1.1 |
||
daniel stenberg c-ares 1.2 |
||
daniel stenberg c-ares 1.2.1 |
||
daniel stenberg c-ares 1.3 |
||
daniel stenberg c-ares 1.3.1 |