Lucene search

K
ubuntuUbuntuUSN-6164-2
HistorySep 11, 2023 - 12:00 a.m.

c-ares vulnerabilities

2023-09-1100:00:00
ubuntu.com
21
c-ares
ubuntu
vulnerabilities
asynchronous
name resolution
ipv6
denial of service
execute arbitrary code
udp
packets

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • c-ares - library for asynchronous name resolution

Details

USN-6164-1 fixed several vulnerabilities in c-ares. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Hannes Moesl discovered that c-ares incorrectly handled certain ipv6
addresses. An attacker could use this issue to cause c-ares to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-31130)

Xiang Li discovered that c-ares incorrectly handled certain UDP packets. A
remote attacker could possibly use this issue to cause c-res to crash,
resulting in a denial of service. (CVE-2023-32067)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibc-ares2< 1.14.0-1ubuntu0.2+esm1UNKNOWN
Ubuntu18.04noarchlibc-ares-dev< 1.14.0-1ubuntu0.2UNKNOWN
Ubuntu18.04noarchlibc-ares2< 1.14.0-1ubuntu0.2UNKNOWN
Ubuntu18.04noarchlibc-ares2-dbgsym< 1.14.0-1ubuntu0.2UNKNOWN
Ubuntu16.04noarchlibc-ares2< 1.10.0-3ubuntu0.2+esm2UNKNOWN
Ubuntu16.04noarchlibc-ares-dev< 1.10.0-3ubuntu0.2UNKNOWN
Ubuntu16.04noarchlibc-ares2< 1.10.0-3ubuntu0.2UNKNOWN
Ubuntu16.04noarchlibc-ares2-dbgsym< 1.10.0-3ubuntu0.2UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%