The ares_init:randomize_key function uses the rand command to produce random numbers. A remote attacker could exploit this vulnerability to possibly spoof hostnames and addresses in the DNS cache. project advisory.
For unknown reasons, it seems CVE-2007-3152 is also often used to refer to this same issue.
This flaw was fixed in 1.4.0.