Astra Linux - уязвимость в c-ares

Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply in aresparsesoareply.c...

CLSA-2026-1776431757 c-ares: Fix of CVE-2022-4904

CVE-2022-4904: fix stack overflow in aressetsortlist due to missing input validation...

AZL-34687 CVE-2024-25629 affecting package fluent-bit for versions less than 3.0.6-1

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

UBUNTU-CVE-2020-22217

Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply in aresparsesoareply.c...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

0-byte UDP payload DoS in c-ares

...

AZL-43924 CVE-2023-32067 affecting package python-pycares 3.1.1-3

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

AZL-26871 CVE-2023-31147 affecting package grpc for versions less than 1.42.0-10

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

c-ares 安全特征问题漏洞

c-ares is a C library for asynchronous DNS requests from the individual developers of c-ares. A security vulnerability exists in c-ares versions prior to 1.19.1, which stems from generating predictable output...

DEBIAN-CVE-2017-1000381

The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way...