Количество 54
Количество 54
ROS-20240404-02
Множественные уязвимости c-ares
SUSE-SU-2023:3420-1
Security update for libcares2
SUSE-SU-2023:0486-1
Security update for c-ares
ROS-20230316-01
Уязвимость c-ares
GHSA-v7h6-g695-5j7q
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
ELSA-2023-7116
ELSA-2023-7116: c-ares security update (MODERATE)
BDU:2023-01258
Уязвимость функции ares_set_sortlist библиотеки асинхронных DNS-запросов c-ares, позволяющая нарушителю вызвать отказ в обслуживании или оказать ограниченное влияния на конфиденциальность и целостность
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
CVE-2023-31130
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...
RLSA-2023:2655
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
ELSA-2023-2655
ELSA-2023-2655: nodejs and nodejs-nodemon security, bug fix, and enhancement update (MODERATE)
RLSA-2023:1743
Important: nodejs:14 security, bug fix, and enhancement update
ELSA-2023-1743
ELSA-2023-1743: nodejs:14 security, bug fix, and enhancement update (IMPORTANT)
BDU:2023-07647
Уязвимость функции ares_inet_net_pton() библиотеки асинхронных DNS-запросов C-ares, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
RLSA-2023:2654
Moderate: nodejs:18 security, bug fix, and enhancement update
RLSA-2023:1582
Moderate: nodejs:16 security, bug fix, and enhancement update
ELSA-2023-2654
ELSA-2023-2654: nodejs:18 security, bug fix, and enhancement update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | ROS-20240404-02 Множественные уязвимости c-ares | CVSS3: 6.4 | больше 1 года назад | |
 | SUSE-SU-2023:3420-1 Security update for libcares2 | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:0486-1 Security update for c-ares | 0% Низкий | почти 3 года назад | |
| ROS-20230316-01 Уязвимость c-ares | CVSS3: 8.6 | 0% Низкий | больше 2 лет назад |
| GHSA-v7h6-g695-5j7q A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | CVSS3: 8.6 | 0% Низкий | почти 3 года назад |
| ELSA-2023-7116 ELSA-2023-7116: c-ares security update (MODERATE) | около 2 лет назад | ||
 | BDU:2023-01258 Уязвимость функции ares_set_sortlist библиотеки асинхронных DNS-запросов c-ares, позволяющая нарушителю вызвать отказ в обслуживании или оказать ограниченное влияния на конфиденциальность и целостность | CVSS3: 8.6 | 0% Низкий | почти 3 года назад |
 | CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | CVSS3: 4.1 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | CVSS3: 5.7 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | CVSS3: 4.1 | 0% Низкий | больше 2 лет назад |
 | CVSS3: 6.4 | 0% Низкий | 8 месяцев назад | |
| CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ... | CVSS3: 4.1 | 0% Низкий | больше 2 лет назад |
 | RLSA-2023:2655 Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update | больше 2 лет назад | ||
| ELSA-2023-2655 ELSA-2023-2655: nodejs and nodejs-nodemon security, bug fix, and enhancement update (MODERATE) | больше 2 лет назад | ||
| RLSA-2023:1743 Important: nodejs:14 security, bug fix, and enhancement update | больше 2 лет назад | ||
| ELSA-2023-1743 ELSA-2023-1743: nodejs:14 security, bug fix, and enhancement update (IMPORTANT) | больше 2 лет назад | ||
| BDU:2023-07647 Уязвимость функции ares_inet_net_pton() библиотеки асинхронных DNS-запросов C-ares, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании | CVSS3: 6.4 | 0% Низкий | больше 2 лет назад |
| RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update | 11 дней назад | ||
| RLSA-2023:1582 Moderate: nodejs:16 security, bug fix, and enhancement update | больше 2 лет назад | ||
| ELSA-2023-2654 ELSA-2023-2654: nodejs:18 security, bug fix, and enhancement update (MODERATE) | больше 2 лет назад |
Уязвимостей на страницу