{"id":"CVE-2020-17470","details":"An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.","modified":"2026-04-11T20:33:37.092228Z","published":"2020-12-11T23:15:13.747Z","references":[{"type":"ADVISORY","url":"http://fnet.sourceforge.net/manual/fnet_history.html"},{"type":"ADVISORY","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/815128"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/butok/fnet","events":[{"introduced":"0"},{"last_affected":"fdfcc63a5715b524ab1809fa67e9b939b5510325"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"4.6.4"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*"}}],"versions":["3.1.1","3.6.0","FNET_3.3.0","v3.0.0","v3.2.0","v3.4.0","v3.5.0","v3.6.1","v3.7.0","v3.8.0","v3.8.1","v3.8.2","v3.9.0","v3.9.1","v3.9.2","v3.9.3","v3.9.3pre","v3.9.3prev","v3.9.3updated","v3.9.4","v4.0.0","v4.0.1","v4.0.2","v4.1.0","v4.1.1","v4.2.0","v4.3.0","v4.4.0","v4.4.1","v4.5.0","v4.5.1","v4.5.2","v4.5.3","v4.6.0","v4.6.1","v4.6.2","v4.6.3","v4.6.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17470.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}