First published: Wed May 24 2023(Updated: )
<a href="https://access.redhat.com/security/cve/CVE-2023-32067">CVE-2023-32067</a>. 0-byte UDP payload causes Denial of Service (<a href="https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc">https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc</a>)
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
C-ares Project C-ares | <1.19.1 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
ubuntu/c-ares | <1.14.0-1ubuntu0.2+ | 1.14.0-1ubuntu0.2+ |
ubuntu/c-ares | <1.10.0-3ubuntu0.2+ | 1.10.0-3ubuntu0.2+ |
ubuntu/c-ares | <1.19.1<1.18.1-3 | 1.19.1 1.18.1-3 |
ubuntu/c-ares | <1.15.0-1ubuntu0.3 | 1.15.0-1ubuntu0.3 |
ubuntu/c-ares | <1.18.1-1ubuntu0.22.04.2 | 1.18.1-1ubuntu0.22.04.2 |
ubuntu/c-ares | <1.18.1-1ubuntu0.22.10.2 | 1.18.1-1ubuntu0.22.10.2 |
ubuntu/c-ares | <1.18.1-2ubuntu0.1 | 1.18.1-2ubuntu0.1 |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
debian/c-ares | <=1.14.0-1+deb10u1 | 1.14.0-1+deb10u4 1.17.1-1+deb11u3 1.18.1-3 1.26.0-1 |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-32067 is a vulnerability in the c-ares asynchronous resolver library that allows an attacker to cause denial of service by sending a malformed UDP packet.
CVE-2023-32067 has a severity rating of 7 (high).
CVE-2023-32067 affects c-ares versions up to 1.19.1.
To fix CVE-2023-32067, you should update c-ares to version 1.19.1 or higher.
You can find more information about CVE-2023-32067 on the Red Hat security page, the c-ares GitHub security advisories page, and the Bugzilla page.