CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-3152

c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.3%

CVSS Severity

CVSS v2 Score 7.5

References

http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup
http://osvdb.org/37171
http://secunia.com/advisories/25579
http://www.securityfocus.com/bid/24386
https://exchange.xforce.ibmcloud.com/vulnerabilities/34979
http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup
http://osvdb.org/37171
http://secunia.com/advisories/25579
http://www.securityfocus.com/bid/24386
https://exchange.xforce.ibmcloud.com/vulnerabilities/34979

Products affected by CVE-2007-3152

Daniel Stenberg » C-Ares » Version: 1.0

cpe:2.3:a:daniel_stenberg:c-ares:1.0
Daniel Stenberg » C-Ares » Version: 1.1

cpe:2.3:a:daniel_stenberg:c-ares:1.1
Daniel Stenberg » C-Ares » Version: 1.2

cpe:2.3:a:daniel_stenberg:c-ares:1.2
Daniel Stenberg » C-Ares » Version: 1.2.1

cpe:2.3:a:daniel_stenberg:c-ares:1.2.1
Daniel Stenberg » C-Ares » Version: 1.3

cpe:2.3:a:daniel_stenberg:c-ares:1.3
Daniel Stenberg » C-Ares » Version: 1.3.1

cpe:2.3:a:daniel_stenberg:c-ares:1.3.1
Daniel Stenberg » C-Ares » Version: 1.3.2

cpe:2.3:a:daniel_stenberg:c-ares:1.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-3152

Products

Pricing

Contact Us