c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses; in particular, 0::00:00:00/2 was found to cause an issue. c-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
C-ares | C-ares_project | * | 1.19.1 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | nodejs:16-8080020230608150024.63b34585 | * |
Red Hat Enterprise Linux 8 | RedHat | nodejs:18-8080020230607122508.63b34585 | * |
Red Hat Enterprise Linux 8 | RedHat | c-ares-0:1.13.0-9.el8_9.1 | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | nodejs:16-8060020230620060944.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | c-ares-0:1.13.0-6.el8_6.2 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | c-ares-0:1.13.0-6.el8_8.3 | * |
Red Hat Enterprise Linux 9 | RedHat | nodejs:18-9020020230531092345.rhel9 | * |
Red Hat Enterprise Linux 9 | RedHat | nodejs-1:16.19.1-2.el9_2 | * |
Red Hat Enterprise Linux 9 | RedHat | c-ares-0:1.19.1-1.el9 | * |
Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | nodejs-1:16.18.1-4.el9_0 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs14-nodejs-0:14.21.3-4.el7 | * |
C-ares | Ubuntu | bionic | * |
C-ares | Ubuntu | esm-infra/bionic | * |
C-ares | Ubuntu | esm-infra/xenial | * |
C-ares | Ubuntu | focal | * |
C-ares | Ubuntu | jammy | * |
C-ares | Ubuntu | kinetic | * |
C-ares | Ubuntu | lunar | * |
C-ares | Ubuntu | trusty | * |
C-ares | Ubuntu | upstream | * |
C-ares | Ubuntu | xenial | * |