VulnerableCode Package Details - pkg:ebuild/net-dns/c-ares@1.19.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1xdz-dku3-qqc4	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.	CVE-2021-3672
VCID-53xm-8w84-93cx	Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.	CVE-2021-22930
VCID-5vh6-usw6-2qhy	Improper Input Validation A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.	CVE-2022-4904
VCID-7cth-47w2-17hy	Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.	CVE-2021-22940
VCID-9g7s-y7nq-xfbb	Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.	CVE-2021-22939
VCID-ap4u-dkwx-1kb3	Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.	CVE-2021-22931

Vulnerability

Summary

Aliases

VCID-1xdz-dku3-qqc4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

CVE-2021-3672

VCID-53xm-8w84-93cx

Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

CVE-2021-22930

VCID-5vh6-usw6-2qhy

Improper Input Validation A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

CVE-2022-4904

VCID-7cth-47w2-17hy

Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

CVE-2021-22940

VCID-9g7s-y7nq-xfbb

Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

CVE-2021-22939

VCID-ap4u-dkwx-1kb3

Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

CVE-2021-22931

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:00:47.066596+00:00	Gentoo Importer	Fixing	VCID-5vh6-usw6-2qhy	https://security.gentoo.org/glsa/202401-02	38.0.0
2026-04-01T13:00:47.057503+00:00	Gentoo Importer	Fixing	VCID-7cth-47w2-17hy	https://security.gentoo.org/glsa/202401-02	38.0.0
2026-04-01T13:00:47.044300+00:00	Gentoo Importer	Fixing	VCID-9g7s-y7nq-xfbb	https://security.gentoo.org/glsa/202401-02	38.0.0
2026-04-01T13:00:47.032516+00:00	Gentoo Importer	Fixing	VCID-ap4u-dkwx-1kb3	https://security.gentoo.org/glsa/202401-02	38.0.0
2026-04-01T13:00:47.018637+00:00	Gentoo Importer	Fixing	VCID-53xm-8w84-93cx	https://security.gentoo.org/glsa/202401-02	38.0.0
2026-04-01T13:00:47.006258+00:00	Gentoo Importer	Fixing	VCID-1xdz-dku3-qqc4	https://security.gentoo.org/glsa/202401-02	38.0.0