Vulnerabilities > Daniel Stenberg > C Ares > 1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-11 | CVE-2007-3153 | Remote Cache Poisoning vulnerability in C-Ares DNS Library The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | 5.0 |
2007-06-11 | CVE-2007-3152 | Remote Cache Poisoning vulnerability in C-Ares DNS Library c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. | 7.5 |