AlmaLinux 9 : nodejs:18 (ALSA-2023:3577)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3577 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient randomness in...

AlmaLinux 9 : c-ares (ALSA-2023:3559)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3559 advisory. - c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP...

Oracle Linux 9 : c-ares (ELSA-2023-3559)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3559 advisory. 1.17.1-5.1 - Resolves: rhbz2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service rhel-9.2.0.z Tenable has extracted the preceding description...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : c-ares vulnerabilities (USN-6164-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6164-1 advisory. Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares to...

EulerOS Virtualization 2.11.1 : bind (EulerOS-SA-2023-2053)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance,...

Debian: Security Advisory (DSA-5419-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2023-2087)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2053)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.0 : bind (EulerOS-SA-2023-2105)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance,...

Denial Of Service (DoS)

libcurl.so is vulnerable to Denial of Service DoS attacks. Although libcurl offers a number of backends for resolving host names, name resolves may time out if built to use the synchronous resolver to slowdown operations with alert and siglongjmp, resulting in multi-threaded application showing...

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names selected at build time. If it is built to use the synchronous resolver it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.

...

CVE-2023-28320

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AZL-26793 CVE-2023-28320 affecting package curl for versions less than 8.2.1-1

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

ALPINE-CVE-2023-28320

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

DEBIAN-CVE-2023-28320

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AZL-34605 CVE-2023-28320 affecting package cmake for versions less than 3.28.2-1

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AZL-26790 CVE-2023-28320 affecting package cmake for versions less than 3.21.4-11

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AZL-38926 CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AZL-26809 CVE-2023-28320 affecting package mysql for versions less than 8.0.34-1

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

CVE-2023-28320

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...