Lucene search

K
redhatRedHatRHSA-2023:7207
HistoryNov 14, 2023 - 4:23 p.m.

(RHSA-2023:7207) Moderate: c-ares security update

2023-11-1416:23:45
access.redhat.com
23
c-ares
dns requests
security update
heap buffer over read
buffer underwrite
cvss score

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.4%

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

Security Fix(es):

  • c-ares: Heap buffer over read in ares_parse_soa_reply (CVE-2020-22217)

  • c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.