Lucene search
PRIOn knowledge basePRION:CVE-2024-25629HistoryFeb 23, 2024 - 3:15 p.m.
Design/Logic Flaw
2024-02-2315:15:00
PRIOn knowledge base
www.prio-n.com
7
c-ares library
asynchronous dns requests
configuration files
null character
buffer overflow
memory crash
security vulnerability
patch available
c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Related
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : c-ares vulnerability (USN-6676-1)
2024-03-06 00:00:00
Fedora 38 : c-ares (2024-d351e7318e)
2024-04-16 00:00:00
Oracle Linux 9 : c-ares (ELSA-2024-3842)
2024-06-12 00:00:00
osv
osv
c-ares vulnerability
2024-03-06 09:38:49
Low: c-ares security update
2024-06-11 00:00:00
CVE-2024-25629
2024-02-23 15:15:09
fedora
fedora
[SECURITY] Fedora 38 Update: c-ares-1.28.1-1.fc38
2024-04-16 01:58:45
[SECURITY] Fedora 40 Update: c-ares-1.28.1-1.fc40
2024-04-19 21:40:06
[SECURITY] Fedora 39 Update: c-ares-1.28.1-1.fc39
2024-04-16 02:26:25
almalinux
almalinux
Low: c-ares security update
2024-06-11 00:00:00
Important: nodejs:18 security update
2024-05-09 00:00:00
Important: nodejs security update
2024-05-20 00:00:00
cvelist
cvelist
CVE-2024-25629 c-ares out of bounds read in ares__read_line()
2024-02-23 14:52:24
cbl_mariner
cbl_mariner
CVE-2024-25629 affecting package fluent-bit for versions less than 2.2.3-1
2024-05-29 00:21:27
CVE-2024-25629 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-06 17:48:02
CVE-2024-25629 affecting package nodejs for versions less than 20.14.0-1
2024-06-21 09:32:44
debiancve
debiancve
CVE-2024-25629
2024-02-23 15:15:09
alpinelinux
alpinelinux
CVE-2024-25629
2024-02-23 15:15:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1135-1)
2024-05-07 00:00:00
Fedora: Security Advisory for c-ares (FEDORA-2024-835800b552)
2024-05-27 00:00:00
Fedora: Security Advisory for c-ares (FEDORA-2024-d351e7318e)
2024-05-27 00:00:00
oraclelinux
oraclelinux
c-ares security update
2024-06-11 00:00:00
nodejs:20 security update
2024-05-09 00:00:00
nodejs security update
2024-05-22 00:00:00
cve
cve
CVE-2024-25629
2024-02-23 15:15:09
ibm
ibm
redhatcve
redhatcve
CVE-2024-25629
2024-02-23 19:31:57
nvd
nvd
CVE-2024-25629
2024-02-23 15:15:09
ubuntucve
ubuntucve
CVE-2024-25629
2024-02-23 00:00:00
freebsd
freebsd
dns/c-ares -- malformatted file causes application crash
2024-02-23 00:00:00
amazon
amazon
Medium: c-ares
2024-03-13 20:26:00
redos
redos
ROS-20240410-04
2024-04-10 00:00:00
wolfi
wolfi
CVE-2024-25629 vulnerabilities
2024-06-24 09:08:26
mageia
mageia
Updated c-ares packages fix security vulnerabilitie
2024-02-28 08:47:52
ubuntu
ubuntu
c-ares vulnerability
2024-03-06 00:00:00
cgr
cgr
CVE-2024-25629 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Buffer Under-read
2024-04-11 00:37:09
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0733
2024-02-29 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0217
2024-03-01 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0574
2024-02-29 00:00:00
redhat
redhat
(RHSA-2024:2910) Important: nodejs security update
2024-05-20 01:02:30
(RHSA-2024:2779) Important: nodejs:18 security update
2024-05-09 05:32:17
(RHSA-2024:2778) Important: nodejs:20 security update
2024-05-09 05:32:10
rocky
rocky
nodejs:18 security update
2024-05-09 18:51:51
nodejs:18 security update
2024-05-09 18:50:42
nodejs:20 security update
2024-05-09 18:50:42