Vulnerability details: VCID-7d9v-uz7u-aaag
Vulnerability ID VCID-7d9v-uz7u-aaag
Aliases CVE-2023-32067, GHSA-9g78-jv2r-p7vc
Summary c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
epss 0.00130 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.02862 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.04647 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-32067
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-32067
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
https://api.first.org/data/v1/epss?cve=CVE-2023-32067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
https://security.netapp.com/advisory/ntap-20240605-0004/
https://www.debian.org/security/2023/dsa-5419
2209502 https://bugzilla.redhat.com/show_bug.cgi?id=2209502
cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067
GLSA-202310-09 https://security.gentoo.org/glsa/202310-09
RHSA-2023:3559 https://access.redhat.com/errata/RHSA-2023:3559
RHSA-2023:3577 https://access.redhat.com/errata/RHSA-2023:3577
RHSA-2023:3583 https://access.redhat.com/errata/RHSA-2023:3583
RHSA-2023:3584 https://access.redhat.com/errata/RHSA-2023:3584
RHSA-2023:3586 https://access.redhat.com/errata/RHSA-2023:3586
RHSA-2023:3660 https://access.redhat.com/errata/RHSA-2023:3660
RHSA-2023:3662 https://access.redhat.com/errata/RHSA-2023:3662
RHSA-2023:3665 https://access.redhat.com/errata/RHSA-2023:3665
RHSA-2023:3677 https://access.redhat.com/errata/RHSA-2023:3677
RHSA-2023:3741 https://access.redhat.com/errata/RHSA-2023:3741
RHSA-2023:4033 https://access.redhat.com/errata/RHSA-2023:4033
RHSA-2023:4034 https://access.redhat.com/errata/RHSA-2023:4034
RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035
RHSA-2023:4036 https://access.redhat.com/errata/RHSA-2023:4036
RHSA-2023:4039 https://access.redhat.com/errata/RHSA-2023:4039
USN-6164-1 https://usn.ubuntu.com/6164-1/
USN-6164-2 https://usn.ubuntu.com/6164-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32067
Exploit Prediction Scoring System (EPSS)
Percentile 0.48904
EPSS Score 0.00130
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.