resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
CVE-2008-3905
- No confirmed exploitation signals yet
A fix is available — apply it.
- CVSS v3
- —
- EG Score
- 0.0(none)
- EPSS
- 82.2%
- KEV
- Not listed
Published
September 4, 2008
Last Modified
April 23, 2026
References (48)
- cve@mitrehttp://secunia.com/advisories/31430
- cve@mitrehttp://secunia.com/advisories/32165
- cve@mitrehttp://secunia.com/advisories/32219
- cve@mitrehttp://secunia.com/advisories/32255
- cve@mitrehttp://secunia.com/advisories/32256
- cve@mitrehttp://secunia.com/advisories/32371
- cve@mitrehttp://secunia.com/advisories/32948
- cve@mitrehttp://secunia.com/advisories/33178
- cve@mitrehttp://security.gentoo.org/glsa/glsa-200812-17.xml
- cve@mitrehttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754
- cve@mitrehttp://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
- cve@mitrehttp://www.debian.org/security/2008/dsa-1651
- cve@mitrehttp://www.debian.org/security/2008/dsa-1652
- cve@mitrehttp://www.openwall.com/lists/oss-security/2008/09/03/3
- cve@mitrehttp://www.openwall.com/lists/oss-security/2008/09/04/9
Vendor Advisories for CVE-2008-3905(3)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2026:8838Red Hat Product SecurityMedium
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- RHSA-2026:7307Red Hat Product SecurityMedium
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- RHSA-2026:7305Red Hat Product SecurityMedium
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Additional Vendor Advisories
(3)
Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.
Related CVEs(same vendor + same CWE)
Same vendor
10 shownredhat
Frequently asked(4)
What is CVE-2008-3905?
When was CVE-2008-3905 disclosed?
Is CVE-2008-3905 actively exploited?
How do I remediate CVE-2008-3905?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2008-3905
Is Your Infrastructure Affected by CVE-2008-3905?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.