Description
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| c-ares | fixed | 1.34.6-1 | | package |
| c-ares | not-affected | | bookworm | package |
| c-ares | not-affected | | bullseye | package |
Notes
https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5
Fixed by: https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618 (main)
Fixed by: https://github.com/c-ares/c-ares/commit/abf004903696383bf701b77b87f2a7ed7aaa1276 (v1.34.6)
Related vulnerabilities
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
c-ares has a Use After Free vulnerability when connection is cleaned up after error