Description
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | c-ares | Out of support scope | ||
Red Hat Enterprise Linux 7 | c-ares | Fixed | RHSA-2023:3741 | 21.06.2023 |
Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2023:4034 | 12.07.2023 |
Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2023:4035 | 12.07.2023 |
Red Hat Enterprise Linux 8 | c-ares | Fixed | RHSA-2023:3584 | 14.06.2023 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | c-ares | Fixed | RHSA-2023:3665 | 19.06.2023 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | c-ares | Fixed | RHSA-2023:3660 | 19.06.2023 |
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | c-ares | Fixed | RHSA-2023:3660 | 19.06.2023 |
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | c-ares | Fixed | RHSA-2023:3660 | 19.06.2023 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | c-ares | Fixed | RHSA-2023:3677 | 20.06.2023 |
Additional information
Status:
7.5 High
CVSS3