First published: Tue Aug 22 2023
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
C-ares C-ares | =1.16.1 | |
C-ares C-ares | =1.17.0 | |
ubuntu/c-ares | <1.15.0-1ubuntu0.4 | 1.15.0-1ubuntu0.4 |
Debian Debian Linux | =10.0 | |
redhat/c-ares | <1.17.0 | 1.17.0 |
debian/c-ares | <=1.14.0-1+deb10u1 | 1.14.0-1+deb10u4, 1.17.1-1+deb11u3, 1.18.1-3, 1.27.0-1 |
CVE-2020-22217 is a buffer overflow vulnerability in c-ares, specifically in the function ares_parse_soa_reply.
CVE-2020-22217 has a severity rating of 9.8 (Critical).
c-ares versions 1.16.1 through 1.17.0 are affected by CVE-2020-22217.
To fix CVE-2020-22217, update c-ares to version 1.17.1-1+deb11u2 or later.
You can find more information about CVE-2020-22217 on the GitHub issue page and the Debian LTS announcement.