Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-25629

Опубликовано: 23 фев. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.4

Описание

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

not-affected

1.27.0
esm-infra/bionic

released

1.14.0-1ubuntu0.2+esm2
esm-infra/focal

not-affected

1.15.0-1ubuntu0.5
esm-infra/xenial

released

1.10.0-3ubuntu0.2+esm3
focal

released

1.15.0-1ubuntu0.5
jammy

released

1.18.1-1ubuntu0.22.04.3
mantic

released

1.19.1-3ubuntu0.1
trusty

ignored

end of standard support
upstream

released

1.27.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 9%
0.00035
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-25629

CVSS3: 4.4
redhat
больше 1 года назад

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

nvd логотип

CVE-2024-25629

CVSS3: 4.4
nvd
больше 1 года назад

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

msrc логотип

CVE-2024-25629

CVSS3: 5.5
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-25629

CVSS3: 4.4
debian
больше 1 года назад

c-ares is a C library for asynchronous DNS requests. `ares__read_line( ...

suse-cvrf логотип

SUSE-SU-2024:1136-1

suse-cvrf
около 1 года назад

Security update for c-ares

EPSS

Процентиль: 9%
0.00035
Низкий

4.4 Medium

CVSS3

Уязвимость CVE-2024-25629