Lucene search
GoogleOSV:CVE-2023-31124HistoryMay 25, 2023 - 10:15 p.m.
CVE-2023-31124
2023-05-2522:15:09
Google
osv.dev
7
c-ares
resolver
vulnerability
patch
1.19.1
software
cross-compiling
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
References
github.com/c-ares/c-ares/releases/tag/cares-1_19_1
github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
lists.fedoraproject.org/archives/list/[email protected]/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
lists.fedoraproject.org/archives/list/[email protected]/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
security.gentoo.org/glsa/202310-09
Related
amazon
amazon
Low: c-ares
2024-01-19 01:51:00
ubuntucve
ubuntucve
CVE-2023-31124
2023-05-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-31124 affecting package c-ares 1.19.0-1
2023-06-27 21:25:25
prion
prion
Cross site scripting
2023-05-25 22:15:00
redhatcve
redhatcve
CVE-2023-31124
2023-05-24 04:11:20
nessus
nessus
Amazon Linux 2 : c-ares (ALAS-2024-2429)
2024-01-23 00:00:00
EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-3066)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2833)
2024-01-16 00:00:00
gitlab
gitlab
Use of Insufficiently Random Values
2023-05-25 00:00:00
cvelist
cvelist
cgr
cgr
CVE-2023-31124 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2023-31124
2023-05-25 22:15:09
cve
cve
CVE-2023-31124
2023-05-25 22:15:09
wolfi
wolfi
CVE-2023-31124 vulnerabilities
2024-06-05 03:07:44
redos
redos
ROS-20240404-02
2024-04-04 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3066)
2023-10-31 00:00:00
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3049)
2023-10-31 00:00:00
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2828)
2023-09-20 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-08-30 14:40:17
oraclelinux
oraclelinux
18 security update
2023-06-15 00:00:00
nodejs:16 security update
2023-07-19 00:00:00
c-ares security, bug fix, and enhancement update
2023-11-11 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: c-ares-1.19.1-1.fc37
2023-05-28 02:57:44
[SECURITY] Fedora 38 Update: c-ares-1.19.1-1.fc38
2023-05-26 01:52:50
osv
osv
Important: nodejs:16 security update
2023-08-31 16:54:34
Important: nodejs security update
2023-06-14 00:00:00
Important: nodejs:16 security update
2023-07-12 00:00:00
redhat
redhat
(RHSA-2023:4039) Important: rh-nodejs14-nodejs security update
2023-07-12 07:59:32
(RHSA-2023:4034) Important: nodejs:16 security update
2023-07-12 07:52:13
(RHSA-2023:4036) Important: nodejs security update
2023-07-12 07:52:17
almalinux
almalinux
Important: nodejs:18 security update
2023-06-14 00:00:00
Important: nodejs:16 security update
2023-07-12 00:00:00
Moderate: c-ares security, bug fix, and enhancement update
2023-11-07 00:00:00
slackware
slackware
[slackware-security] c-ares
2023-05-22 19:09:04
gentoo
gentoo
c-ares: Multiple Vulnerabilities
2023-10-08 00:00:00
rocky
rocky
nodejs:16 security update
2023-08-31 16:54:34
nodejs:18 security update
2023-06-24 18:53:41
nodejs:18 security update
2023-08-31 16:54:34
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0084
2023-08-30 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0015
2023-05-29 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0649
2023-09-14 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47