PRIOn knowledge base: PRION:CVE-2024-25629
History: Feb 23, 2024 - 3:15 p.m.

Design/Logic Flaw

www.prio-n.com
c-ares library
asynchronous dns requests
configuration files
null character
buffer overflow
memory crash
security vulnerability
patch available

AI Score: 7.1 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 15.6%)

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.