Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-31124HistoryMay 25, 2023 - 10:15 p.m.
CVE-2023-31124
2023-05-2522:15:09
Debian Security Bug Tracker
security-tracker.debian.org
11
cares_random_file not set aarch64 android unix entropy csprng
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | c-ares | <= 1.18.1-3 | c-ares_1.18.1-3_all.deb |
| Debian | 11 | all | c-ares | <= 1.17.1-1+deb11u3 | c-ares_1.17.1-1+deb11u3_all.deb |
| Debian | 10 | all | c-ares | <= 1.14.0-1+deb10u1 | c-ares_1.14.0-1+deb10u1_all.deb |
| Debian | 999 | all | c-ares | < 1.19.1-2 | c-ares_1.19.1-2_all.deb |
| Debian | 13 | all | c-ares | < 1.19.1-2 | c-ares_1.19.1-2_all.deb |
Related
amazon
amazon
Low: c-ares
2024-01-19 01:51:00
osv
osv
CVE-2023-31124
2023-05-25 22:15:09
Important: nodejs:16 security update
2023-08-31 16:54:34
Important: nodejs security update
2023-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2023-31124
2023-05-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-31124 affecting package c-ares 1.19.0-1
2023-06-27 21:25:25
prion
prion
Cross site scripting
2023-05-25 22:15:00
nessus
nessus
Amazon Linux 2 : c-ares (ALAS-2024-2429)
2024-01-23 00:00:00
EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-3066)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2833)
2024-01-16 00:00:00
gitlab
gitlab
Use of Insufficiently Random Values
2023-05-25 00:00:00
redhatcve
redhatcve
CVE-2023-31124
2023-05-24 04:11:20
cvelist
cvelist
cgr
cgr
CVE-2023-31124 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-31124
2023-05-25 22:15:09
wolfi
wolfi
CVE-2023-31124 vulnerabilities
2024-06-03 21:07:43
openvas
openvas
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3049)
2023-10-31 00:00:00
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2828)
2023-09-20 00:00:00
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3066)
2023-10-31 00:00:00
redos
redos
ROS-20240404-02
2024-04-04 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-08-30 14:40:17
almalinux
almalinux
Important: nodejs:18 security update
2023-06-14 00:00:00
Important: nodejs:16 security update
2023-07-12 00:00:00
Moderate: c-ares security, bug fix, and enhancement update
2023-11-07 00:00:00
oraclelinux
oraclelinux
18 security update
2023-06-15 00:00:00
nodejs:16 security update
2023-07-19 00:00:00
c-ares security, bug fix, and enhancement update
2023-11-11 00:00:00
redhat
redhat
(RHSA-2023:4039) Important: rh-nodejs14-nodejs security update
2023-07-12 07:59:32
(RHSA-2023:4034) Important: nodejs:16 security update
2023-07-12 07:52:13
(RHSA-2023:3586) Important: nodejs security update
2023-06-14 07:57:52
fedora
fedora
[SECURITY] Fedora 37 Update: c-ares-1.19.1-1.fc37
2023-05-28 02:57:44
[SECURITY] Fedora 38 Update: c-ares-1.19.1-1.fc38
2023-05-26 01:52:50
slackware
slackware
[slackware-security] c-ares
2023-05-22 19:09:04
gentoo
gentoo
c-ares: Multiple Vulnerabilities
2023-10-08 00:00:00
rocky
rocky
nodejs:16 security update
2023-08-31 16:54:34
nodejs:18 security update
2023-06-24 18:53:41
nodejs:18 security update
2023-08-31 16:54:34
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0084
2023-08-30 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0015
2023-05-29 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0649
2023-09-14 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.5%
Related for DEBIANCVE:CVE-2023-31124