What is the vulnerability ID for this flaw in the c-ares package?

The vulnerability ID for this flaw in the c-ares package is CVE-2022-4904.

What is the severity of CVE-2022-4904?

The severity of CVE-2022-4904 is high with a severity value of 8.6.

Which software versions are affected by CVE-2022-4904?

The affected software versions include nodejs 18-9020020230327152102.rhel9, nodejs 1:16.19.1-1.el9_2, nodejs 1:16.20.2-1.el9_0, rh-nodejs14 0:3.6-2.el7, and rh-nodejs14-nodejs 0:14.21.3-2.el7.

How do I fix CVE-2022-4904?

To fix CVE-2022-4904, it is recommended to update the affected software versions to the specified remedy versions.

Vulnerability/
CVE-2022-4904

high

8.6

CWE

20 1284 119

13/12/2022

6/3/2023

5/1/2024

CVE-2022-4904: Input Validation

Q: What is the impact of CVE-2022-4904?

CVE-2022-4904 may cause a denial of service or a limited impact on confidentiality and integrity.

First published: Tue Dec 13 2022(Updated: )

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/nodejs	<18-9020020230327152102.rhel9	18-9020020230327152102.rhel9
redhat/nodejs	<1:16.19.1-1.el9_2	1:16.19.1-1.el9_2
redhat/nodejs	<1:16.20.2-1.el9_0	1:16.20.2-1.el9_0
redhat/rh-nodejs14	<0:3.6-2.el7	0:3.6-2.el7
redhat/rh-nodejs14-nodejs	<0:14.21.3-2.el7	0:14.21.3-2.el7
	<1.19.0

	=8.0
	=9.0
	=36
C-ares Project C-ares	<1.19.0
Redhat Software Collections
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=9.0
Fedoraproject Fedora	=36

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the vulnerability ID for this flaw in the c-ares package?
The vulnerability ID for this flaw in the c-ares package is CVE-2022-4904.
What is the severity of CVE-2022-4904?
The severity of CVE-2022-4904 is high with a severity value of 8.6.
What is the impact of CVE-2022-4904?
CVE-2022-4904 may cause a denial of service or a limited impact on confidentiality and integrity.
Which software versions are affected by CVE-2022-4904?
The affected software versions include nodejs 18-9020020230327152102.rhel9, nodejs 1:16.19.1-1.el9_2, nodejs 1:16.20.2-1.el9_0, rh-nodejs14 0:3.6-2.el7, and rh-nodejs14-nodejs 0:14.21.3-2.el7.
How do I fix CVE-2022-4904?
To fix CVE-2022-4904, it is recommended to update the affected software versions to the specified remedy versions.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-4904
collector/redhat-cve
vendor/c-ares project
canonical/c-ares project c-ares
vendor/redhat
canonical/redhat software collections
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
version/redhat enterprise linux/9.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/36
package-manager/redhat

CVE-2022-4904: Input Validation

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the vulnerability ID for this flaw in the c-ares package?

What is the severity of CVE-2022-4904?

What is the impact of CVE-2022-4904?

Which software versions are affected by CVE-2022-4904?

How do I fix CVE-2022-4904?

Company

Resources

Contact