Latest C-ares project Vulnerabilities

<a href="https://access.redhat.com/security/cve/CVE-2023-32067">CVE-2023-32067</a>. 0-byte UDP payload causes Denial of Service (<a href="https://github.com/c-ares/c-ares/security/advisories/GHSA-9g7...
C-ares Project C-ares<1.19.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
IBM QRadar SIEM<=7.5.0 - 7.5.0 UP6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 8 more
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is a...
C-ares Project C-ares<1.19.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configurat...
C-ares Project C-ares<1.19.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Debian Debian Linux=10.0
Debian Debian Linux=11.0
ubuntu/c-ares<1.14.0-1ubuntu0.2+
and 7 more
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This wil...
C-ares Project C-ares<1.19.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a ...
redhat/nodejs<18-9020020230327152102.rhel9
redhat/nodejs<1:16.19.1-1.el9_2
redhat/nodejs<1:16.20.2-1.el9_0
redhat/rh-nodejs14<0:3.6-2.el7
redhat/rh-nodejs14-nodejs<0:14.21.3-2.el7
<1.19.0
and 9 more
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Dom...
redhat/c-ares<1.17.2
redhat/c-ares<0:1.13.0-6.el8
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
>=1.0.0<1.17.2
and 69 more
Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS reques...
IBM Cloud Pak for Security (CP4S)<=1.6.0.1
IBM Cloud Pak for Security (CP4S)<=1.6.0.0
IBM Cloud Pak for Security (CP4S)<=1.5.0.1
IBM Cloud Pak for Security (CP4S)<=1.5.0.0
IBM Cloud Pak for Security (CP4S)<=1.4.0.0
Nodejs Node.js>=12.16.3<12.19.1
and 17 more
