CVE-2023-31130
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-31130
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31130.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-31130
- Aliases
-
- GHSA-x6mf-cxr9-8q6v
- Related
- Published
- 2023-05-25T22:15:09Z
- Modified
- 2024-09-11T06:12:34.874269Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
c-ares is an asynchronous resolver library. aresinetnetpton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via aressetsortlist(). However, users may externally use aresinetnetpton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
- References
-
- https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
- https://security.gentoo.org/glsa/202310-09
- https://security.netapp.com/advisory/ntap-20240605-0005/
- https://www.debian.org/security/2023/dsa-5419
- https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
- https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
- https://security-tracker.debian.org/tracker/CVE-2023-31130
Affected packages
Debian:11 / c-ares
Package
- Name
- c-ares
- Purl
- pkg:deb/debian/c-ares?arch=source
Debian:12 / c-ares
Package
- Name
- c-ares
- Purl
- pkg:deb/debian/c-ares?arch=source
Debian:13 / c-ares
Package
- Name
- c-ares
- Purl
- pkg:deb/debian/c-ares?arch=source
Git / github.com/c-ares/c-ares
Affected ranges
- Type
- GIT
- Repo
- https://github.com/c-ares/c-ares
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
c-ares-1_17_0
c-ares-1_2_0
cares-1_10_0
cares-1_11_0
cares-1_11_0-rc1
cares-1_12_0
cares-1_13_0
cares-1_14_0
cares-1_15_0
cares-1_16_0
cares-1_16_1
cares-1_17_1
cares-1_17_2
cares-1_18_0
cares-1_18_1
cares-1_19_0
cares-1_1_0
cares-1_2_1
cares-1_3_1
cares-1_3_2
cares-1_4_0
cares-1_5_0
cares-1_5_1
cares-1_5_2
cares-1_5_3
cares-1_6_0
cares-1_7_0
cares-1_7_1
cares-1_7_2
cares-1_7_3
cares-1_7_4
cares-1_7_5
cares-1_8_0
cares-1_9_0
cares-1_9_1
curl-7_10_8
curl-7_11_0
curl-7_11_1
curl-7_12_0
curl-7_12_1
curl-7_12_2
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0