Lucene search

K
osvGoogleOSV:RLSA-2022:2043
HistoryMay 10, 2022 - 8:14 a.m.

Moderate: c-ares security update

2022-05-1008:14:29
Google
osv.dev
9
c-ares
security update
dns requests
name resolving
cve-2021-3672
domain hijacking
rocky linux 8.6
release notes

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

56.1%

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

Security Fix(es):

  • c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.