A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
[
{
"vendor": "n/a",
"product": "c-ares",
"versions": [
{
"version": "unknown",
"status": "affected"
}
]
}
]