Описание
ELSA-2023-3559: c-ares security update (IMPORTANT)
[1.17.1-5.1]
- Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
c-ares
1.17.1-5.el9_2.1
c-ares-devel
1.17.1-5.el9_2.1
Oracle Linux x86_64
c-ares
1.17.1-5.el9_2.1
c-ares-devel
1.17.1-5.el9_2.1
Связанные CVE
Связанные уязвимости
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...