Missing input validation on hostnames returned by DNS servers
NAPTR parser out of bounds access
ares_create_query single byte out of buffer write
The ares_init:randomize_key function uses the rand command to produce random numbers. A remote attacker could exploit this vulnerability to possibly spoof hostnames and addresses in the DNS cache. project advisory.
For unknown reasons, it seems CVE-2007-3152 is also often used to refer to this same issue.
This flaw was fixed in 1.4.0.