Uclibc-Ng · Uclibc-Ng · CVE-2022-30295
**Name of the Vulnerable Software and Affected Versions**
uClibc-ng versions through 1.0.40
uClibc versions through 0.9.33.2
**Description**
The DNS resolver uses predictable DNS transaction IDs, which may lead to DNS cache poisoning. The predictability is related to a value being reset to 0x2. A remote attacker can exploit the vulnerability by sending specially crafted DNS packets, potentially poisoning the DNS cache with incorrect records and redirecting users to arbitrary sites.
**Recommendations**
For uClibc-ng versions through 1.0.40, update to a version later than 1.0.40 to resolve the issue.
For uClibc versions through 0.9.33.2, update to a version later than 0.9.33.2 to resolve the issue.
As a temporary workaround, consider restricting DNS query functionality until a patch is available.
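To check whether a device's resolver emits the predictable transaction IDs described above, the IDs of its outgoing queries can be compared for a fixed step. The following is an added example, not code from uClibc or from this advisory; the function names, thresholds and sample queries are assumptions constructed for illustration.

```python
import struct
from collections import Counter

def txid(message: bytes) -> int:
    """Return the 16-bit transaction ID (first two bytes of the DNS header)."""
    if len(message) < 12:  # a DNS header is always 12 bytes
        raise ValueError("truncated DNS header")
    return struct.unpack("!H", message[:2])[0]

def assess_txids(ids, min_samples=8, threshold=0.8):
    """Report 'predictable' when one step (mod 2**16) dominates consecutive IDs."""
    if len(ids) < min_samples:
        return {"verdict": "insufficient-data", "step": None, "ratio": 0.0}
    deltas = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    ratio = count / len(deltas)
    # A fixed step means the next ID can be guessed; the absence of one
    # does not prove the generator is cryptographically random.
    verdict = "predictable" if ratio >= threshold else "no-fixed-step"
    return {"verdict": verdict, "step": step, "ratio": ratio}

def build_query(txid_value: int, name: str = "example.test") -> bytes:
    """Build a minimal A-record query (used only to construct sample input)."""
    header = struct.pack("!HHHHHH", txid_value, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

# Constructed samples, not captured traffic.
SEQUENTIAL = [build_query(i) for i in range(2, 18)]
WRAPPING = [build_query(i & 0xFFFF) for i in range(0xFFFC, 0x10004)]
SCATTERED = [build_query(i) for i in (0x9A31, 0x04C7, 0xE210, 0x5B6E,
                                      0x1F03, 0xC8AA, 0x7719, 0x3D52, 0xA0F4)]

if __name__ == "__main__":
    for label, sample in (("sequential", SEQUENTIAL), ("wrapping", WRAPPING),
                          ("scattered", SCATTERED)):
        print(label, assess_txids([txid(q) for q in sample]))
```

In practice the input would be the raw UDP payloads of queries sent by the device under test, in the order they were observed.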