Search for vulnerabilities
Vulnerability details: VCID-meaf-ex7v-yya8
Vulnerability ID VCID-meaf-ex7v-yya8
Aliases CVE-2023-32067
GHSA-9g78-jv2r-p7vc
Summary c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-32067
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
ssvc Track https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
cvssv3.1 7.5 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
ssvc Track https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-32067
cvssv3.1 7.5 https://security.gentoo.org/glsa/202310-09
ssvc Track https://security.gentoo.org/glsa/202310-09
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20240605-0004/
ssvc Track https://security.netapp.com/advisory/ntap-20240605-0004/
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5419
ssvc Track https://www.debian.org/security/2023/dsa-5419
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
https://api.first.org/data/v1/epss?cve=CVE-2023-32067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
202310-09 https://security.gentoo.org/glsa/202310-09
2209502 https://bugzilla.redhat.com/show_bug.cgi?id=2209502
cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067
dsa-5419 https://www.debian.org/security/2023/dsa-5419
GHSA-9g78-jv2r-p7vc https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
msg00034.html https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
ntap-20240605-0004 https://security.netapp.com/advisory/ntap-20240605-0004/
RHSA-2023:3559 https://access.redhat.com/errata/RHSA-2023:3559
RHSA-2023:3577 https://access.redhat.com/errata/RHSA-2023:3577
RHSA-2023:3583 https://access.redhat.com/errata/RHSA-2023:3583
RHSA-2023:3584 https://access.redhat.com/errata/RHSA-2023:3584
RHSA-2023:3586 https://access.redhat.com/errata/RHSA-2023:3586
RHSA-2023:3660 https://access.redhat.com/errata/RHSA-2023:3660
RHSA-2023:3662 https://access.redhat.com/errata/RHSA-2023:3662
RHSA-2023:3665 https://access.redhat.com/errata/RHSA-2023:3665
RHSA-2023:3677 https://access.redhat.com/errata/RHSA-2023:3677
RHSA-2023:3741 https://access.redhat.com/errata/RHSA-2023:3741
RHSA-2023:4033 https://access.redhat.com/errata/RHSA-2023:4033
RHSA-2023:4034 https://access.redhat.com/errata/RHSA-2023:4034
RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035
RHSA-2023:4036 https://access.redhat.com/errata/RHSA-2023:4036
RHSA-2023:4039 https://access.redhat.com/errata/RHSA-2023:4039
USN-6164-1 https://usn.ubuntu.com/6164-1/
USN-6164-2 https://usn.ubuntu.com/6164-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32067
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202310-09
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://security.gentoo.org/glsa/202310-09
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240605-0004/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://security.netapp.com/advisory/ntap-20240605-0004/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5419
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/ Found at https://www.debian.org/security/2023/dsa-5419
Exploit Prediction Scoring System (EPSS)
Percentile 0.54747
EPSS Score 0.00323
Published At Sept. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:55.172467+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6164-1/ 37.0.0