Lucene search

K
ubuntuUbuntuUSN-6676-1
HistoryMar 06, 2024 - 12:00 a.m.

c-ares vulnerability

2024-03-0600:00:00
ubuntu.com
20
c-ares vulnerability
ubuntu
denial of service
user input
configuration files

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Releases

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • c-ares - library for asynchronous name resolution

Details

Vojtěch Vobr discovered that c-ares incorrectly handled user input from
local configuration files. An attacker could possibly use this issue to
cause a denial of service via application crash.

OSVersionArchitecturePackageVersionFilename
Ubuntu23.10noarchlibc-ares2< 1.19.1-3ubuntu0.1UNKNOWN
Ubuntu23.10noarchlibc-ares-dev< 1.19.1-3ubuntu0.1UNKNOWN
Ubuntu23.10noarchlibc-ares2-dbgsym< 1.19.1-3ubuntu0.1UNKNOWN
Ubuntu22.04noarchlibc-ares2< 1.18.1-1ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchlibc-ares-dev< 1.18.1-1ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchlibc-ares2-dbgsym< 1.18.1-1ubuntu0.22.04.3UNKNOWN
Ubuntu20.04noarchlibc-ares2< 1.15.0-1ubuntu0.5UNKNOWN
Ubuntu20.04noarchlibc-ares-dev< 1.15.0-1ubuntu0.5UNKNOWN
Ubuntu20.04noarchlibc-ares2-dbgsym< 1.15.0-1ubuntu0.5UNKNOWN
Ubuntu18.04noarchlibc-ares2< 1.14.0-1ubuntu0.2+esm2UNKNOWN
Rows per page:
1-10 of 171

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%