CVE-2008-3905
published 2008-09-04

Priority: P426, medium
CVSS 2.0: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
EPSS: 2.42% (82.1th percentile)
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Affected

13 ranges
Vendor     Product  Version range  Fixed in
ruby-lang  ruby     <= 1.8.5
ruby-lang  ruby     <= 1.8.6
ruby-lang  ruby     <= 1.8.7
ruby-lang  ruby     <= 1.9
ruby-lang  ruby
ruby-lang  ruby
ruby-lang  ruby
ruby-lang  ruby
ruby-lang  ruby
ruby-lang  ruby
ruby-lang  ruby
ruby-lang  ruby
ruby-lang  ruby

CVSS provenance

nvd            v2.0  5.8  MEDIUM  AV:N/AC:M/Au:N/C:N/I:P/A:P
vendor_redhat        6.8  MEDIUM
vendor_ubuntu        6.8  MEDIUM