| शीर्षक | Cesanta Mongoose Embedded Web Server 7.20 Insufficiently Random Values |
|---|
| विवरण | The mg_sendnsreq() function in /src/dns.c generates DNS transaction IDs using a sequential counter that resets to 1 whenever the pending request list is empty. Since each resolved query is freed from the list before the next query is typically created, the transaction ID is a constant value of 1 for all non-overlapping DNS queries. This allows an attacker to spoof DNS responses with ~100% reliability without observing any prior traffic, completely bypassing the only authentication mechanism in the DNS protocol. The attack can be performed remotely by any host that can send UDP packets with a spoofed source IP to the victim, requires no authentication, and results in full control over hostname resolution -- enabling man-in-the-middle, credential theft, or redirection to malicious infrastructure. |
|---|
| स्रोत | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Mongoose/mg_sendnsreq.md |
|---|
| उपयोगकर्ता | dwbruijn (UID 93926) |
|---|
| सबमिशन | 10/02/2026 01:23 PM (2 महीनों पहले) |
|---|
| संयम | 22/02/2026 08:57 AM (12 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 347333 [Cesanta Mongoose तक 7.20 DNS Transaction ID /src/dns.c mg_sendnsreq यादृच्छिक कमजोर एन्क्रिप्शन] |
|---|
| अंक | 20 |
|---|