What is CVE-2023-32067?

CVE-2023-32067 is a vulnerability in the c-ares asynchronous resolver library that allows an attacker to cause denial of service by sending a malformed UDP packet.

What is the severity of CVE-2023-32067?

CVE-2023-32067 has a severity rating of 7 (high).

How does CVE-2023-32067 affect c-ares?

CVE-2023-32067 affects c-ares versions up to 1.19.1.

How can I fix CVE-2023-32067?

To fix CVE-2023-32067, you should update c-ares to version 1.19.1 or higher.

Where can I find more information about CVE-2023-32067?

You can find more information about CVE-2023-32067 on the Red Hat security page, the c-ares GitHub security advisories page, and the Bugzilla page.

Vulnerability/
CVE-2023-32067

high

7.5

CWE

400

24/5/2023

25/5/2023

2/8/2024

CVE-2023-32067: 0-byte UDP payload DoS in c-ares

First published: Wed May 24 2023(Updated: )

<a href="https://access.redhat.com/security/cve/CVE-2023-32067">CVE-2023-32067</a>. 0-byte UDP payload causes Denial of Service (<a href="https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc">https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc</a>)

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
C-ares Project C-ares	<1.19.1
Fedoraproject Fedora	=37
Fedoraproject Fedora	=38
IBM QRadar SIEM	<=7.5.0 - 7.5.0 UP6
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
ubuntu/c-ares	<1.14.0-1ubuntu0.2+	1.14.0-1ubuntu0.2+
ubuntu/c-ares	<1.10.0-3ubuntu0.2+	1.10.0-3ubuntu0.2+
ubuntu/c-ares	<1.19.1<1.18.1-3	1.19.1 1.18.1-3
ubuntu/c-ares	<1.15.0-1ubuntu0.3	1.15.0-1ubuntu0.3
ubuntu/c-ares	<1.18.1-1ubuntu0.22.04.2	1.18.1-1ubuntu0.22.04.2
ubuntu/c-ares	<1.18.1-1ubuntu0.22.10.2	1.18.1-1ubuntu0.22.10.2
ubuntu/c-ares	<1.18.1-2ubuntu0.1	1.18.1-2ubuntu0.1
debian/c-ares	<=1.14.0-1+deb10u1	1.14.0-1+deb10u4 1.17.1-1+deb11u3 1.18.1-3 1.26.0-1

Remedy

https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2023-32067?
CVE-2023-32067 is a vulnerability in the c-ares asynchronous resolver library that allows an attacker to cause denial of service by sending a malformed UDP packet.
What is the severity of CVE-2023-32067?
CVE-2023-32067 has a severity rating of 7 (high).
How does CVE-2023-32067 affect c-ares?
CVE-2023-32067 affects c-ares versions up to 1.19.1.
How can I fix CVE-2023-32067?
To fix CVE-2023-32067, you should update c-ares to version 1.19.1 or higher.
Where can I find more information about CVE-2023-32067?
You can find more information about CVE-2023-32067 on the Red Hat security page, the c-ares GitHub security advisories page, and the Bugzilla page.

collector/nvd-latest
vendor/c-ares project
product/c-ares
canonical/c-ares project c-ares
vendor/fedoraproject
product/fedora
canonical/fedoraproject fedora
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/remedy
agent/severity
agent/weakness
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-32067
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/references
agent/title
agent/event
collector/nvd-api
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/ibm-support
source/IBM
version/fedoraproject fedora/37
version/fedoraproject fedora/38
package-manager/ubuntu
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
package-manager/debian
vendor/ibm
canonical/ibm qradar siem
version/ibm qradar siem/7.5.0 - 7.5.0 up6