Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values
Vulnerability Description
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
使用不充分的随机数
Vulnerability Title
Cesanta Mongoose 安全特征问题漏洞
Vulnerability Description
Cesanta Mongoose是爱尔兰Cesanta公司的一套嵌入式服务器库,它包括TCP、HTTP客户端和服务器、WenSocket客户端和服务器等功能。 Cesanta Mongoose 7.20及之前版本存在安全特征问题漏洞,该漏洞源于对组件DNS Transaction ID Handler中文件/src/dns.c的函数mg_sendnsreq的参数random的错误操作,可能导致随机性不足。
CVSS Information
N/A
Vulnerability Type
N/A