OVAL

ALAS2023-2023-243 --- nodejs

ID: oval:org.secpod.oval:def:19500302
Date: (C)2024-01-04   (M)2024-02-19
Class: PATCH
Family: unix




A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks on the validity of the input string, which allows a possible arbitrary-length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

It is possible to bypass permissions and access unauthorized modules by using process.mainModule.require. This only affects users who had enabled the experimental permissions option with --experimental-policy.

Platform:
Amazon Linux 2023
Product:
nodejs
v8-devel
npm
Reference:
ALAS2023-2023-243
CVE-2022-4904
CVE-2023-23918
CPE:
cpe:/a:npm:npm
cpe:/a:nodejs:nodejs

© SecPod Technologies