Описание
ELSA-2023-3741: c-ares security update (IMPORTANT)
[1.10.0-3.1]
- Resolves: rhbz#2209503 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-7.9.z]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
c-ares
1.10.0-3.el7_9.1
c-ares-devel
1.10.0-3.el7_9.1
Oracle Linux x86_64
c-ares
1.10.0-3.el7_9.1
c-ares-devel
1.10.0-3.el7_9.1
Связанные CVE
Связанные уязвимости
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...