VYPR
Unrated severityNVD Advisory· Published Sep 18, 2008· Updated Jun 16, 2026

CVE-2008-4099

CVE-2008-4099

Description

PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Debian/Python DNS11 versions
    cpe:2.3:a:debian:python-dns:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:debian:python-dns:*:*:*:*:*:*:*:*range: <=2.3.1-3
    • cpe:2.3:a:debian:python-dns:2.3.0-1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.0-2:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.0-3:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.0-4:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.0-5:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.0-5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.0-6:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.1-1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:python-dns:2.3.1-2:*:*:*:*:*:*:*
    • (no CPE)range: <2.3.1-4
  • osv-coords
    Range: < 2.3.1-5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.