How severe is CVE-2023-31147?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-31147?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2023-31147

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-330

View all →

Vulnerability Description

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.

CVE-2017-17910

MEDIUM

CVSS:6.5(Medium)

On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur trans...

CWE-3302017

CVE-2018-1279

MEDIUM

CVSS:6.5(Medium)

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain informat...

CWE-3302018

CVE-2018-18425

MEDIUM

CVSS:6.5(Medium)

The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply...

CWE-3302018

CVE-2018-19983

MEDIUM

CVSS:6.5(Medium)

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the at...

CWE-3302018

CVE-2019-6821

MEDIUM

CVSS:6.5(Medium)

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, an...

CWE-3302019

CVE-2019-9102

MEDIUM

CVSS:6.5(Medium)

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of g...

CWE-3302019

CVE-2023-31147

Vulnerability Description

Related Vulnerabilities

CVE-2017-17910

CVE-2018-1279

CVE-2018-18425

CVE-2018-19983

CVE-2019-6821

CVE-2019-9102