Unrated severityNVD Advisory· Published Jun 11, 2007· Updated Jun 16, 2026
CVE-2007-3152
CVE-2007-3152
Description
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:daniel_stenberg:c-ares:1.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:daniel_stenberg:c-ares:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:daniel_stenberg:c-ares:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:daniel_stenberg:c-ares:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:daniel_stenberg:c-ares:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:daniel_stenberg:c-ares:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:daniel_stenberg:c-ares:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:daniel_stenberg:c-ares:1.3.2:*:*:*:*:*:*:*
- (no CPE)range: <1.4.0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.