exploitDog

CVE-2007-3153

Опубликовано: 11 июн. 2007

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:daniel_stenberg:c-ares:1.0:*:*:*:*:*:*:*

cpe:2.3:a:daniel_stenberg:c-ares:1.1:*:*:*:*:*:*:*

cpe:2.3:a:daniel_stenberg:c-ares:1.2:*:*:*:*:*:*:*

cpe:2.3:a:daniel_stenberg:c-ares:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:daniel_stenberg:c-ares:1.3:*:*:*:*:*:*:*

cpe:2.3:a:daniel_stenberg:c-ares:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:daniel_stenberg:c-ares:1.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00377

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-mrjq-p33j-h2vf

github

почти 4 года назад

The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.

EPSS

Процентиль: 59%

0.00377

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other