Download
| Alert*
oval:org.secpod.oval:def:1800366
c-ares is installed oval:org.secpod.oval:def:111402 c-ares is installed oval:org.secpod.oval:def:507790 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:507791 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:2501112 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:111425 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. oval:org.secpod.oval:def:111401 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. oval:org.secpod.oval:def:1800793 When a string is passed in to ares_create_query or ares_mkquery and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong and subsequently writes outside of the allocated buffer with one byte. The wrongly written byte is the least significant byte of the "dnsclass" ... oval:org.secpod.oval:def:1601730 Denial of Service.An issue in c-ares was found where a 0-byte UDP payload can cause a Denial of Service . oval:org.secpod.oval:def:1506621 [1.10.0-3.1] - Resolves: rhbz#2209503 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-7.9.z] oval:org.secpod.oval:def:1506601 [1.17.1-5.1] - Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z] oval:org.secpod.oval:def:1506611 [1.13.0-6.1] - Resolves: rhbz#2209516 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.8.0.z] oval:org.secpod.oval:def:2600265 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:4501432 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: 0-byte UDP payload Denial of Service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:95283 [1.13.0-9.1] - Resolves: RHEL-11931 - Buffer Underwrite in ares_inet_net_pton [rhel-8.9.0.z] [1.13.0-9] - Resolves: rhbz#2238293 - CVE-2020-22217 c-ares: read-heap-buffer-overflow in ares_parse_soa_reply [rhel-8] [rhel-8.9.0.z] oval:org.secpod.oval:def:2501261 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:89049023 This update for c-ares fixes the following issues: Update to version 1.19.1: * CVE-2023-32067: 0-byte UDP payload causes Denial of Service * CVE-2023-31147: Insufficient randomness in generation of DNS query IDs * CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton * CVE-2023-31124: AutoTools ... oval:org.secpod.oval:def:125763 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. oval:org.secpod.oval:def:125734 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. oval:org.secpod.oval:def:4501508 The c-ares C library defines asynchronous DNS requests and provides name resolving API. Security Fix: * c-ares: Heap buffer over read in ares_parse_soa_reply * c-ares: Buffer Underwrite in ares_inet_net_pton For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:2600411 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:19500219 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. When cross-compiling c-ares ... oval:org.secpod.oval:def:2501222 The c-ares C library defines asynchronous DNS requests and provides name resolving API. oval:org.secpod.oval:def:89048521 This update for c-ares fixes the following issues: Updated to version 1.19.0: * CVE-2022-4904: Fixed missing string length check in config_sortlist . oval:org.secpod.oval:def:120628 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named ares, written by Greg Hudson at MIT. oval:org.secpod.oval:def:1505652 [1.13.0-6] - Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8] oval:org.secpod.oval:def:89047312 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers - If ares_getaddrinfo was terminated by an ares_destroy, it would cause crash - Crash in sortaddrinfo if the list s ... oval:org.secpod.oval:def:1702028 A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availabil ... oval:org.secpod.oval:def:1702059 When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG oval:org.secpod.oval:def:112506 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named ares, written by Greg Hudson at MIT. oval:org.secpod.oval:def:1800384 The c-ares function ares_parse_naptr_reply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. Affected versions: c-ares 1.8.0 to and including 1.12.0 Not affected versio ... oval:org.secpod.oval:def:1800365 The c-ares function ares_parse_naptr_reply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. Affected versions c-ares 1.8.0 to and including 1.12.0 Not affected version ... oval:org.secpod.oval:def:1800423 The c-ares function ares_parse_naptr_reply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. Affected versions: c-ares 1.8.0 to and including 1.12.0 Not affected versio ... oval:org.secpod.oval:def:112612 c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named ares, written by Greg Hudson at MIT. oval:org.secpod.oval:def:1600735 The c-ares function `ares_parse_naptr_reply`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way oval:org.secpod.oval:def:19500661 c-ares is a C library for asynchronous DNS requests. 'ares__read_line' is used to parse local configuration files such as '/etc/resolv.conf', '/etc/nsswitch.conf', the 'HOSTALIASES' file, and if using a c-ares version prior to 1.27.0, the '/etc/hosts' file. If any of these configuration files has an ... oval:org.secpod.oval:def:89051734 This update for c-ares fixes the following issues: * CVE-2024-25629: Fixed out of bounds read in ares__read_line . |