Search for packages
| purl | pkg:conan/c-ares@1.18.1 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7d9v-uz7u-aaag
Aliases: CVE-2023-32067 GHSA-9g78-jv2r-p7vc |
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. |
Affected by 0 other vulnerabilities. |
|
VCID-bukj-6xnc-aaar
Aliases: CVE-2022-4904 |
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. |
Affected by 4 other vulnerabilities. |
|
VCID-dq5b-2fna-aaab
Aliases: CVE-2023-31130 GHSA-x6mf-cxr9-8q6v |
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. |
Affected by 0 other vulnerabilities. |
|
VCID-jvyw-e7te-aaam
Aliases: CVE-2023-31147 GHSA-8r8p-23f3-64c2 |
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. |
Affected by 0 other vulnerabilities. |
|
VCID-se1r-ejvf-aaar
Aliases: CVE-2023-31124 GHSA-54xr-f67r-4pc4 |
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-04-24T03:45:22.832864+00:00 | GitLab Importer | Affected by | VCID-7d9v-uz7u-aaag | None | 34.0.0rc4 |
| 2024-04-24T03:45:22.729607+00:00 | GitLab Importer | Affected by | VCID-7d9v-uz7u-aaag | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-32067.yml | 34.0.0rc4 |
| 2024-04-24T03:45:17.670541+00:00 | GitLab Importer | Affected by | VCID-jvyw-e7te-aaam | None | 34.0.0rc4 |
| 2024-04-24T03:45:17.570711+00:00 | GitLab Importer | Affected by | VCID-jvyw-e7te-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31147.yml | 34.0.0rc4 |
| 2024-04-24T03:45:02.447945+00:00 | GitLab Importer | Affected by | VCID-dq5b-2fna-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31130.yml | 34.0.0rc4 |
| 2024-04-24T03:45:02.357874+00:00 | GitLab Importer | Affected by | VCID-dq5b-2fna-aaab | None | 34.0.0rc4 |
| 2024-04-24T03:45:01.744957+00:00 | GitLab Importer | Affected by | VCID-se1r-ejvf-aaar | None | 34.0.0rc4 |
| 2024-04-24T03:45:01.641452+00:00 | GitLab Importer | Affected by | VCID-se1r-ejvf-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31124.yml | 34.0.0rc4 |
| 2024-04-24T02:35:47.666743+00:00 | GitLab Importer | Affected by | VCID-bukj-6xnc-aaar | None | 34.0.0rc4 |
| 2024-04-24T02:35:47.566462+00:00 | GitLab Importer | Affected by | VCID-bukj-6xnc-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2022-4904.yml | 34.0.0rc4 |
| 2024-01-10T06:26:52.707034+00:00 | GitLab Importer | Affected by | VCID-7d9v-uz7u-aaag | None | 34.0.0rc2 |
| 2024-01-10T06:26:52.585937+00:00 | GitLab Importer | Affected by | VCID-7d9v-uz7u-aaag | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-32067.yml | 34.0.0rc2 |
| 2024-01-10T06:26:47.450013+00:00 | GitLab Importer | Affected by | VCID-jvyw-e7te-aaam | None | 34.0.0rc2 |
| 2024-01-10T06:26:47.324846+00:00 | GitLab Importer | Affected by | VCID-jvyw-e7te-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31147.yml | 34.0.0rc2 |
| 2024-01-10T06:26:31.943229+00:00 | GitLab Importer | Affected by | VCID-dq5b-2fna-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31130.yml | 34.0.0rc2 |
| 2024-01-10T06:26:31.822685+00:00 | GitLab Importer | Affected by | VCID-dq5b-2fna-aaab | None | 34.0.0rc2 |
| 2024-01-10T06:26:31.219186+00:00 | GitLab Importer | Affected by | VCID-se1r-ejvf-aaar | None | 34.0.0rc2 |
| 2024-01-10T06:26:31.083305+00:00 | GitLab Importer | Affected by | VCID-se1r-ejvf-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31124.yml | 34.0.0rc2 |
| 2024-01-10T05:11:13.091961+00:00 | GitLab Importer | Affected by | VCID-bukj-6xnc-aaar | None | 34.0.0rc2 |
| 2024-01-10T05:11:12.968497+00:00 | GitLab Importer | Affected by | VCID-bukj-6xnc-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2022-4904.yml | 34.0.0rc2 |
| 2024-01-03T23:13:21.381568+00:00 | GitLab Importer | Affected by | VCID-7d9v-uz7u-aaag | None | 34.0.0rc1 |
| 2024-01-03T23:13:21.251275+00:00 | GitLab Importer | Affected by | VCID-7d9v-uz7u-aaag | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-32067.yml | 34.0.0rc1 |
| 2024-01-03T23:13:15.872516+00:00 | GitLab Importer | Affected by | VCID-jvyw-e7te-aaam | None | 34.0.0rc1 |
| 2024-01-03T23:13:15.743480+00:00 | GitLab Importer | Affected by | VCID-jvyw-e7te-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31147.yml | 34.0.0rc1 |
| 2024-01-03T23:13:00.407479+00:00 | GitLab Importer | Affected by | VCID-dq5b-2fna-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31130.yml | 34.0.0rc1 |
| 2024-01-03T23:13:00.284450+00:00 | GitLab Importer | Affected by | VCID-dq5b-2fna-aaab | None | 34.0.0rc1 |
| 2024-01-03T23:12:58.970050+00:00 | GitLab Importer | Affected by | VCID-se1r-ejvf-aaar | None | 34.0.0rc1 |
| 2024-01-03T23:12:58.838030+00:00 | GitLab Importer | Affected by | VCID-se1r-ejvf-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2023-31124.yml | 34.0.0rc1 |
| 2024-01-03T21:58:58.473305+00:00 | GitLab Importer | Affected by | VCID-bukj-6xnc-aaar | None | 34.0.0rc1 |
| 2024-01-03T21:58:58.346155+00:00 | GitLab Importer | Affected by | VCID-bukj-6xnc-aaar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2022-4904.yml | 34.0.0rc1 |