Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-14354

Опубликовано: 02 авг. 2020
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

Отчет

This flaw is rated as a having Moderate impact, because it can happen only during close of the service (or when handling ARES_ECONNREFUSED). The Red Hat Enterprise Linux not affected (all versions), because the version of c-ares being used is 1.13.0, and the bug introduced in 1.16.0 (and then fixed in 1.16.1).

Меры по смягчению последствий

If calling wait_ares(channel) before ares_destroy() in the service that uses c-ares, then this should prevent this bug.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5c-aresNot affected
Red Hat Enterprise Linux 6c-aresNot affected
Red Hat Enterprise Linux 7c-aresNot affected
Red Hat Enterprise Linux 8c-aresNot affected
Red Hat Enterprise Linux 8nodejsNot affected
Red Hat Software Collectionsrh-nodejs10-nodejsNot affected
Red Hat Software Collectionsrh-nodejs12-nodejsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1866838c-ares: ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free

EPSS

Процентиль: 41%
0.00188
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-14354

CVSS3: 3.3
ubuntu
около 4 лет назад

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

nvd логотип

CVE-2020-14354

CVSS3: 3.3
nvd
около 4 лет назад

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

debian логотип

CVE-2020-14354

CVSS3: 3.3
debian
около 4 лет назад

A possible use-after-free and double-free in c-ares lib version 1.16.0 ...

github логотип

GHSA-xxmg-3gv9-85h2

CVSS3: 3.3
github
около 3 лет назад

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

fstec логотип

BDU:2021-04594

CVSS3: 3.3
fstec
больше 5 лет назад

Уязвимость функций ares_destroy() и ares_getaddrinfo() библиотеки асинхронных DNS-запросов C-ares, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 41%
0.00188
Низкий

5.9 Medium

CVSS3

Уязвимость CVE-2020-14354