Friday, December 11, 2020
CVE-2020-17470
nist.gov
In: nist.gov
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks. CVE-2020-17470