The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
Name | Vendor | Start Version | End Version |
---|---|---|---|
C-ares | Daniel_stenberg | 1.3 | 1.3 |
C-ares | Daniel_stenberg | 1.0 | 1.0 |
C-ares | Daniel_stenberg | 1.3.2 | 1.3.2 |
C-ares | Daniel_stenberg | 1.2.1 | 1.2.1 |
C-ares | Daniel_stenberg | 1.2 | 1.2 |
C-ares | Daniel_stenberg | 1.3.1 | 1.3.1 |
C-ares | Daniel_stenberg | 1.1 | 1.1 |