8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.2%
Software: c-ares 1.13.0
OS: ROSA Virtualization 2.1
package_evr_string: c-ares-1.13.0-5.rv3.src.rpm
CVE-ID: CVE-2021-3672
BDU-ID: 2022-00342
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the SI library for DNS c-ares asynchronous queries is associated with failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update c-ares command
CVE-ID: CVE-2022-4904
BDU-ID: 2023-01258
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ares_set_sortlist function of the c-ares asynchronous DNS query library is related to the lack of input string validation, allowing a possible stack overflow of arbitrary length. Exploitation of the vulnerability could allow an attacker to cause a denial of service or have limited impact on confidentiality and integrity
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update c-ares command
CVE-ID: CVE-2023-32067
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: c-ares is an asynchronous converter library. c-ares is vulnerable to denial of service. If the target inverter sends a request, the attacker forges a garbled UDP packet of length 0 and returns it to the target inverter. The target converter mistakenly interprets length 0 as a valid connection termination.
CVE-STATUS: Fixed
CVE-REV: Run the yum update c-ares command to close.
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.2%