Описание
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| c-ares | fixed | 1.18.1-2 | package | |
| c-ares | fixed | 1.17.1-1+deb11u2 | bullseye | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2168631
https://github.com/c-ares/c-ares/pull/497
https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d (cares-1_19_0)
Связанные уязвимости
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
