Описание
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | pending | 1.34.6-1 |
| esm-infra/bionic | not-affected | |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | not-affected | |
| jammy | not-affected | 1.18.1-1ubuntu0.22.04.3 |
| noble | not-affected | 1.27.0-1.0ubuntu1 |
| plucky | released | 1.34.4-2.1ubuntu0.2 |
| questing | released | 1.34.5-1ubuntu0.1 |
| upstream | released | 1.34.6-1 |
Показывать по
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
c-ares has a Use After Free vulnerability when connection is cleaned up after error
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1. ...
EPSS
5.9 Medium
CVSS3