Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:4249

Опубликовано: 07 мая 2025
Источник: rocky
Оценка: Low

Описание

Low: c-ares security update

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

Security Fix(es):

  • c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
c-aresx86_6411.el8_10c-ares-1.13.0-11.el8_10.x86_64.rpm
c-ares-develx86_6411.el8_10c-ares-devel-1.13.0-11.el8_10.x86_64.rpm

Показывать по

Связанные CVE

CVE-2024-25629

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-25629

CVSS3: 4.4
ubuntu
больше 1 года назад

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

redhat логотип

CVE-2024-25629

CVSS3: 4.4
redhat
больше 1 года назад

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

nvd логотип

CVE-2024-25629

CVSS3: 4.4
nvd
больше 1 года назад

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

msrc логотип

CVE-2024-25629

CVSS3: 5.5
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-25629

CVSS3: 4.4
debian
больше 1 года назад

c-ares is a C library for asynchronous DNS requests. `ares__read_line( ...