Search for vulnerabilities
Vulnerability details: VCID-njsk-6t9c-gqaz
Vulnerability ID VCID-njsk-6t9c-gqaz
Aliases CVE-2020-22217
Summary Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-126 Buffer Over-read
CWE-125 Out-of-bounds Read
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2020-22217
cvssv3.1 7.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://github.com/c-ares/c-ares/issues/333
ssvc Track https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-22217
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json
https://api.first.org/data/v1/epss?cve=CVE-2020-22217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2235527 https://bugzilla.redhat.com/show_bug.cgi?id=2235527
333 https://github.com/c-ares/c-ares/issues/333
cpe:2.3:a:c-ares:c-ares:1.16.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:c-ares:c-ares:1.16.1:*:*:*:*:*:*:*
cpe:2.3:a:c-ares:c-ares:1.17.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:c-ares:c-ares:1.17.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2020-22217 https://nvd.nist.gov/vuln/detail/CVE-2020-22217
msg00014.html https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html
RHSA-2023:7207 https://access.redhat.com/errata/RHSA-2023:7207
RHSA-2024:0419 https://access.redhat.com/errata/RHSA-2024:0419
RHSA-2024:0578 https://access.redhat.com/errata/RHSA-2024:0578
USN-6376-1 https://usn.ubuntu.com/6376-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/ Found at https://github.com/c-ares/c-ares/issues/333
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/ Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-22217
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.30983
EPSS Score 0.00115
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:41:07.537745+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6376-1/ 37.0.0