Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-31130

Опубликовано: 25 мая 2023
Источник: debian
EPSS Низкий

Описание

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
c-aresfixed1.19.1-1experimentalpackage
c-aresfixed1.18.1-3package

Примечания

  • https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v

  • https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2 (cares-1_19_1)

EPSS

Процентиль: 1%
0.00011
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-31130

CVSS3: 4.1
ubuntu
около 2 лет назад

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

redhat логотип

CVE-2023-31130

CVSS3: 5.7
redhat
около 2 лет назад

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

nvd логотип

CVE-2023-31130

CVSS3: 4.1
nvd
около 2 лет назад

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

msrc логотип

CVE-2023-31130

CVSS3: 6.4
msrc
2 месяца назад

Описание отсутствует

fstec логотип

BDU:2023-07647

CVSS3: 6.4
fstec
около 2 лет назад

Уязвимость функции ares_inet_net_pton() библиотеки асинхронных DNS-запросов C-ares, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 1%
0.00011
Низкий