The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote malicious users to spoof DNS responses by guessing certain values.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
daniel stenberg c-ares 1.0 |
||
daniel stenberg c-ares 1.1 |
||
daniel stenberg c-ares 1.3.2 |
||
daniel stenberg c-ares 1.2 |
||
daniel stenberg c-ares 1.2.1 |
||
daniel stenberg c-ares 1.3 |
||
daniel stenberg c-ares 1.3.1 |