CVE-2024-25629: c-ares out of bounds read in ares__read_line()
First published: Fri Feb 23 2024(Updated: )
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/c-ares | <=1.14.0-1+deb10u1<=1.14.0-1+deb10u4<=1.17.1-1+deb11u3<=1.18.1-3 | 1.27.0-1 |
| ubuntu/c-ares | <1.14.0-1ubuntu0.2+ | 1.14.0-1ubuntu0.2+ |
| ubuntu/c-ares | <1.15.0-1ubuntu0.5 | 1.15.0-1ubuntu0.5 |
| ubuntu/c-ares | <1.18.1-1ubuntu0.22.04.3 | 1.18.1-1ubuntu0.22.04.3 |
| ubuntu/c-ares | <1.19.1-3ubuntu0.1 | 1.19.1-3ubuntu0.1 |
| ubuntu/c-ares | <1.27.0 | 1.27.0 |
| ubuntu/c-ares | <1.10.0-3ubuntu0.2+ | 1.10.0-3ubuntu0.2+ |
| redhat/c-ares | <1.27.0 | 1.27.0 |
| F5 Traffix SDC | >=5.1.0<=5.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
- https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
- https://security-tracker.debian.org/tracker/CVE-2024-25629
- https://launchpad.net/bugs/cve/CVE-2024-25629
- https://ubuntu.com/security/notices/USN-6676-1
- https://www.cve.org/CVERecord?id=CVE-2024-25629
- https://nvd.nist.gov/vuln/detail/CVE-2024-25629
- https://ubuntu.com/security/CVE-2024-25629
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2265714
- https://access.redhat.com/errata/RHSA-2024:2779
- https://access.redhat.com/errata/RHSA-2024:2778
- https://access.redhat.com/errata/RHSA-2024:2780
- https://access.redhat.com/errata/RHSA-2024:2853
- https://access.redhat.com/errata/RHSA-2024:2910
- https://access.redhat.com/errata/RHSA-2024:3842
- https://access.redhat.com/errata/RHSA-2024:4249
- https://access.redhat.com/errata/RHSA-2024:4559
- https://access.redhat.com/errata/RHSA-2024:4721
- https://bugzilla.redhat.com/show_bug.cgi?id=2265713
- https://my.f5.com/manage/s/article/K000141051
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-25629
- agent/weakness
- agent/title
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/usn-cve
- source/Ubuntu
- collector/nvd-api
- agent/softwarecombine
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/tags
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/f5-advisory
- source/F5
- package-manager/debian
- package-manager/ubuntu
- package-manager/redhat
- vendor/f5
- canonical/f5 traffix sdc
- version/f5 traffix sdc/5.1.0
- version/f5 traffix sdc/5.2.0