USN-6376-1: c-ares vulnerability

First published: Mon Sep 18 2023

Last modified: Mon Sep 18 2023

It was discovered that c-ares incorrectly parsed certain SOA replies. A remote attacker could possibly use this issue to cause c-res to crash, resulting in a denial of service.

Any of

  • All of

    • ubuntu/libc-ares2
      fixed in: 1.15.0-1ubuntu0.4
    • Ubuntu Ubuntu


  • What is the vulnerability ID for this c-ares vulnerability?

    The vulnerability ID for this c-ares vulnerability is CVE-2020-22217.

  • What is the impact of the c-ares vulnerability?

    The c-ares vulnerability can result in a denial of service by causing c-ares to crash.

  • Which software versions are affected by this c-ares vulnerability?

    The affected software version is libc-ares2 1.15.0-1ubuntu0.4 on Ubuntu 20.04.

  • How can I fix the c-ares vulnerability?

    To fix the c-ares vulnerability, you should update libc-ares2 to version 1.15.0-1ubuntu0.4.

  • Where can I find more information about the c-ares vulnerability?

    You can find more information about the c-ares vulnerability in the Ubuntu Security Notice USN-6376-1.

Child vulnerabilities

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203