9 matches found
MGASA-2024-0051 Updated c-ares packages fix security vulnerabilities
The updated packages fix a security vulnerability: Out of bounds read in aresreadline. CVE-2024-25629...
MGASA-2023-0069 Updated c-ares packages fix security vulnerability
The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-4904...
Updated c-ares packages fix security vulnerability
Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...
MGASA-2021-0453 Updated c-ares packages fix security vulnerability
Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...
Important Photon OS Security Update - PHSA-2021-0282
Updates of 'c-ares' packages of Photon OS have been released...
Updated c-ares packages fix security vulnerabilities
Avoid read-heap-buffer-overflow in aresparsesoareply found during fuzzing. Avoid theoretical buffer overflow in RC4 loop comparison. Empty hquery-name could lead to invalid memory access. aresparsea,aaaareply could return a larger naddrttls than was passed in...
MGASA-2021-0007 Updated c-ares packages fix security vulnerabilities
Avoid read-heap-buffer-overflow in aresparsesoareply found during fuzzing. Avoid theoretical buffer overflow in RC4 loop comparison. Empty hquery-name could lead to invalid memory access. aresparsea,aaaareply could return a larger naddrttls than was passed in...
MGASA-2017-0215 Updated c-ares packages fix security vulnerability
The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way CVE-2017-1000381...
MGASA-2016-0351 Updated c-ares packages fix security vulnerability
In c-ares before 1.12.0, When a string is passed in to 'arescreatequery' or 'aresmkquery' and uses an escaped trailing dot, like "hello.", c-ares calculates the string length wrong and subsequently writes outside of the the allocated buffer with one byte. The wrongly written byte is the least...