c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| C-ares | C-ares | * | 1.27.0 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:20-8090020240422150739.a75119d5 | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:18-8090020240429131734.a75119d5 | * |
| Red Hat Enterprise Linux 8 | RedHat | c-ares-0:1.13.0-11.el8_10 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs:18-9040020240422140329.rhel9 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs:20-9040020240419140200.rhel9 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs-1:16.20.2-8.el9_4 | * |
| Red Hat Enterprise Linux 9 | RedHat | c-ares-0:1.19.1-2.el9_4 | * |
| Red Hat Enterprise Linux 9 | RedHat | c-ares-0:1.19.1-2.el9_4 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | nodejs-1:16.20.2-9.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | nodejs-1:16.20.2-6.el9_2.3 | * |
| C-ares | Ubuntu | bionic | * |
| C-ares | Ubuntu | esm-infra/bionic | * |
| C-ares | Ubuntu | esm-infra/xenial | * |
| C-ares | Ubuntu | focal | * |
| C-ares | Ubuntu | jammy | * |
| C-ares | Ubuntu | mantic | * |
| C-ares | Ubuntu | trusty | * |
| C-ares | Ubuntu | upstream | * |
| C-ares | Ubuntu | xenial | * |