Описание
c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 1.27.0 |
| esm-infra/bionic | released | 1.14.0-1ubuntu0.2+esm2 |
| esm-infra/focal | released | 1.15.0-1ubuntu0.5 |
| esm-infra/xenial | released | 1.10.0-3ubuntu0.2+esm3 |
| focal | released | 1.15.0-1ubuntu0.5 |
| jammy | released | 1.18.1-1ubuntu0.22.04.3 |
| mantic | released | 1.19.1-3ubuntu0.1 |
| trusty | ignored | end of standard support |
| upstream | released | 1.27.0 |
Показывать по
4.4 Medium
CVSS3
Связанные уязвимости
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
c-ares is a C library for asynchronous DNS requests. `ares__read_line( ...
4.4 Medium
CVSS3