Package c-ares updated to version 1.17.1-alt2 for branch p9 in task 279921.

Published: 2020-05-21

BDU:2023-05898

Уязвимость функции ares_parse_soa_reply() библиотеки асинхронных DNS-запросов C-ares, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2020-22217

Published: 2023-08-22
Modified: 2024-11-21

CVE-2020-22217

Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://github.com/c-ares/c-ares/issues/333
https://github.com/c-ares/c-ares/issues/333
[debian-lts-announce] 20230915 [SECURITY] [DLA 3567-1] c-ares security update
[debian-lts-announce] 20230915 [SECURITY] [DLA 3567-1] c-ares security update

Version: 2.1.0

Package c-ares update in p9 on 2024-04-04

ALT-PU-2021-4838-1

Closed vulnerabilities

BDU:2023-05898

CVE-2020-22217