c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.

c-ares is an asynchronous resolver library. When cross-compiling c-are ...

Уязвимость компонента autotools CARES_RANDOM_FILE библиотеки асинхронных DNS-запросов C-ares, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Множественные уязвимости c-ares

Security update for libcares2

Security update for c-ares

ELSA-2023-6635: c-ares security, bug fix, and enhancement update (MODERATE)

ELSA-2023-4034: nodejs:16 security update (IMPORTANT)

ELSA-2023-3586: nodejs security update (IMPORTANT)

ELSA-2023-3577: 18 security update (IMPORTANT)

ELSA-2023-4035: nodejs:18 security update (IMPORTANT)

Security update for nodejs16

Security update for nodejs16

Security update for nodejs16

Security update for nodejs18

Security update for nodejs18