Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AutoTools does not set CARES_RANDOM_FILE during cross compilation
Vulnerability Description
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
使用不充分的随机数
Vulnerability Title
c-ares 安全特征问题漏洞
Vulnerability Description
c-ares是c-ares个人开发者的一个用于异步 DNS 请求的 C 库。 c-ares 1.19.1之前版本存在安全漏洞,该漏洞源于允许攻击者通过不使用CSPRNG来利用熵的缺乏。
CVSS Information
N/A
Vulnerability Type
N/A