Описание
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 1.18.1-3 |
| esm-infra/bionic | released | 1.14.0-1ubuntu0.2+esm1 |
| esm-infra/focal | not-affected | 1.15.0-1ubuntu0.3 |
| esm-infra/xenial | released | 1.10.0-3ubuntu0.2+esm2 |
| focal | released | 1.15.0-1ubuntu0.3 |
| jammy | released | 1.18.1-1ubuntu0.22.04.2 |
| kinetic | released | 1.18.1-1ubuntu0.22.10.2 |
| lunar | released | 1.18.1-2ubuntu0.1 |
| mantic | not-affected | 1.18.1-3 |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...
EPSS
7.5 High
CVSS3