CVSS3: 8.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 8.9 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 34.6%
software: c-ares 1.18.1
OS: ROSA-CHROME
package_evr_string: c-ares-1.18.1-2.src.rpm
CVE-ID: CVE-2022-4904
BDU-ID: 2023-01258
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ares_set_sortlist function of the c-ares asynchronous DNS query library is caused by a lack of input string validation, allowing a possible stack overflow of arbitrary length. Exploitation of the vulnerability could allow an attacker to cause a denial of service or have a limited impact on confidentiality and integrity.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update c-ares
CVE-ID: CVE-2023-31130
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses; in particular, “0::00:00:00:00:00/2” was found to cause the problem. c-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address using ares_set_sortlist(). However, users may call ares_inet_net_pton() externally for other purposes and thus be subject to more serious problems.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update c-ares
CVE-ID: CVE-2023-32067
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If the target resolver sends a query, the attacker forges a malformed UDP packet of length 0 and returns it to the target resolver. The target resolver mistakenly interprets length 0 as a valid connection termination.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update c-ares