CVSS3: 4.4 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score: 6.9 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 15.5%)
c-ares is vulnerable to a buffer under-read. The vulnerability is caused by improper handling of an embedded NULL character as the first character of a new line in certain configuration files: /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, prior to version 1.27.0, the /etc/hosts file. Parsing such a line can lead to an attempt to read memory before the start of the given buffer, potentially resulting in a crash.
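The failure mode described above, as an added C example (not c-ares source code): a line-trimming helper with the length guard that prevents the read before the buffer. The function names and sample lines are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Index that a naive "buf[strlen(buf) - 1]" newline check would read.
 * Computed only, never dereferenced. -1 means one byte before buf. */
static ptrdiff_t naive_last_index(const char *buf)
{
    return (ptrdiff_t)strlen(buf) - 1;
}

/* Hardened trim: strips a trailing "\n" or "\r\n" and returns the new
 * length. The len > 0 guard is what keeps a line that begins with an
 * embedded NUL from indexing buf[-1]. */
static size_t trim_eol_checked(char *buf)
{
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    if (len > 0 && buf[len - 1] == '\r')
        buf[--len] = '\0';
    return len;
}

/* Constructed sample: an ordinary line as fgets() would leave it. */
static size_t demo_normal(void)
{
    char line[] = "nameserver 192.0.2.1\n";
    return trim_eol_checked(line);
}

/* Constructed sample: the first byte of the line is NUL, so strlen()
 * sees an empty string even though more bytes follow in the buffer. */
static size_t demo_nul_first(void)
{
    char line[] = "\0nameserver 192.0.2.1\n";
    return trim_eol_checked(line);
}

int main(void)
{
    char nul_line[] = "\0options ndots:1\n";
    return (naive_last_index(nul_line) == -1 && demo_nul_first() == 0
            && demo_normal() == 20) ? 0 : 1;
}
```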
github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
lists.fedoraproject.org/archives/list/[email protected]/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
lists.fedoraproject.org/archives/list/[email protected]/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
lists.fedoraproject.org/archives/list/[email protected]/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
secdb.alpinelinux.org/v3.19/main.yaml