Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-25629

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 23 Ρ„Π΅Π². 2024
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS3: 4.4

ОписаниС

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

ignored

end of standard support
devel

not-affected

1.27.0
esm-infra/bionic

released

1.14.0-1ubuntu0.2+esm2
esm-infra/focal

released

1.15.0-1ubuntu0.5
esm-infra/xenial

released

1.10.0-3ubuntu0.2+esm3
focal

released

1.15.0-1ubuntu0.5
jammy

released

1.18.1-1ubuntu0.22.04.3
mantic

released

1.19.1-3ubuntu0.1
trusty

ignored

end of standard support
upstream

released

1.27.0

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 10%
0.00035
Низкий

4.4 Medium

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-25629

CVSS3: 4.4
redhat
ΠΏΠΎΡ‡Ρ‚ΠΈ 2 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-25629

CVSS3: 4.4
nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 2 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

msrc Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-25629

CVSS3: 5.5
msrc
большС 1 года назад

ОписаниС отсутствуСт

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2024-25629

CVSS3: 4.4
debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 2 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

c-ares is a C library for asynchronous DNS requests. `ares__read_line( ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2024:1136-1

suse-cvrf
ΠΏΠΎΡ‡Ρ‚ΠΈ 2 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

Security update for c-ares

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 10%
0.00035
Низкий

4.4 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2024-25629