Alpaquita Linux Stream Security Advisory

CVE-2023-31130

Published: September 18, 2023
Last modified: September 18, 2023

Description

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses; in particular, "0::00:00:00/2" was found to cause an issue. c-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

Severity score breakdown

Parameter            Value
Base score           6.4
Attack Vector        LOCAL
Attack complexity    HIGH
Privileges required  HIGH
User interaction     NONE
Scope                UNCHANGED
Confidentiality      HIGH
Integrity impact     HIGH
Availability impact  HIGH
Vector               CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Status

Product          Release  Package  Status
Alpaquita Linux  23 LTS   c-ares   Not affected (1.19.1-r0)
Alpaquita Linux  Stream   c-ares   Not affected (1.19.1-r1)
