Количество 44
Количество 44
SUSE-SU-2023:2477-1
Security update for libcares2
SUSE-SU-2023:2313-1
Security update for c-ares
ELSA-2023-4034
ELSA-2023-4034: nodejs:16 security update (IMPORTANT)
ELSA-2023-3586
ELSA-2023-3586: nodejs security update (IMPORTANT)
ELSA-2023-3577
ELSA-2023-3577: 18 security update (IMPORTANT)
ELSA-2023-4035
ELSA-2023-4035: nodejs:18 security update (IMPORTANT)
SUSE-SU-2023:2861-1
Security update for nodejs16
SUSE-SU-2023:2663-1
Security update for nodejs16
SUSE-SU-2023:2655-1
Security update for nodejs16
SUSE-SU-2023:2669-1
Security update for nodejs18
SUSE-SU-2023:2662-1
Security update for nodejs18
ELSA-2023-6635
ELSA-2023-6635: c-ares security, bug fix, and enhancement update (MODERATE)
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.
CVE-2023-31147
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGe ...
ROS-20240404-02
Множественные уязвимости c-ares
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2023:2477-1 Security update for libcares2 | около 2 лет назад | ||
| SUSE-SU-2023:2313-1 Security update for c-ares | около 2 лет назад | ||
| ELSA-2023-4034 ELSA-2023-4034: nodejs:16 security update (IMPORTANT) | почти 2 года назад | ||
| ELSA-2023-3586 ELSA-2023-3586: nodejs security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-3577 ELSA-2023-3577: 18 security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-4035 ELSA-2023-4035: nodejs:18 security update (IMPORTANT) | почти 2 года назад | ||
| SUSE-SU-2023:2861-1 Security update for nodejs16 | почти 2 года назад | ||
| SUSE-SU-2023:2663-1 Security update for nodejs16 | почти 2 года назад | ||
| SUSE-SU-2023:2655-1 Security update for nodejs16 | почти 2 года назад | ||
| SUSE-SU-2023:2669-1 Security update for nodejs18 | почти 2 года назад | ||
| SUSE-SU-2023:2662-1 Security update for nodejs18 | почти 2 года назад | ||
| ELSA-2023-6635 ELSA-2023-6635: c-ares security, bug fix, and enhancement update (MODERATE) | больше 1 года назад | ||
 | CVE-2023-31147 c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | CVSS3: 5.9 | 0% Низкий | около 2 лет назад |
 | CVE-2023-31147 c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | CVSS3: 5.9 | 0% Низкий | около 2 лет назад |
 | CVE-2023-31147 c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | CVSS3: 5.9 | 0% Низкий | около 2 лет назад |
 | CVSS3: 6.5 | 0% Низкий | около 2 лет назад | |
| CVE-2023-31147 c-ares is an asynchronous resolver library. When /dev/urandom or RtlGe ... | CVSS3: 5.9 | 0% Низкий | около 2 лет назад |
 | ROS-20240404-02 Множественные уязвимости c-ares | CVSS3: 6.4 | около 1 года назад | |
| CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | CVSS3: 4.1 | 0% Низкий | около 2 лет назад |
| CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | CVSS3: 5.7 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу