6.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
3.4 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
18.9%
Vulnerability of ares_inet_net_pton() function of C-ares asynchronous DNS query library is related to violation of the initial buffer boundary.
the initial buffer boundary. Exploitation of the vulnerability could allow an attacker to gain access to
confidential data, violate its integrity, and cause a denial of service
Vulnerability in autotools CARES_RANDOM_FILE component of C-ares asynchronous DNS queries library is related to
The use of rand() as a fallback, which could allow an attacker to take advantage of the lack of entropy without having to use rand().
exploit the lack of entropy without using CSPRNG. Exploitation of the vulnerability could allow
An attacker acting remotely to disclose protected information
6.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
3.4 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
18.9%