Описание
ELSA-2023-3584: c-ares security update (IMPORTANT)
[1.13.0-6.1]
- Resolves: rhbz#2209516 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.8.0.z]
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
c-ares
1.13.0-6.el8_8.2
c-ares-devel
1.13.0-6.el8_8.2
Oracle Linux x86_64
c-ares
1.13.0-6.el8_8.2
c-ares-devel
1.13.0-6.el8_8.2
Связанные CVE
Связанные уязвимости
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...