{"id":"DEBIAN-CVE-2008-1637","details":"PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.","modified":"2026-04-28T20:12:11.079123Z","published":"2008-04-02T17:44:00Z","upstream":["CVE-2008-1637"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2008-1637"}],"affected":[{"package":{"name":"pdns-recursor","ecosystem":"Debian:11","purl":"pkg:deb/debian/pdns-recursor?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.7-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1637.json"}},{"package":{"name":"pdns-recursor","ecosystem":"Debian:12","purl":"pkg:deb/debian/pdns-recursor?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.7-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1637.json"}},{"package":{"name":"pdns-recursor","ecosystem":"Debian:13","purl":"pkg:deb/debian/pdns-recursor?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.7-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1637.json"}},{"package":{"name":"pdns-recursor","ecosystem":"Debian:14","purl":"pkg:deb/debian/pdns-recursor?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.7-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1637.json"}}],"schema_version":"1.7.5"}