OESA-2023-1110
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1110
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1110.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1110
- Upstream
- Published
- 2023-02-21T11:04:56Z
- Modified
- 2025-08-12T05:16:38.689143Z
- Summary
- c-ares security update
- Details
-
Security Fix(es):
In aressetsortlist, it calls configsortlist(..., sortstr) to parse the input str and initialize a sortlist configuration. However, aressetsortlist has not any checks about the validity of the input str. It is very easy to create an arbitrary length stack overflow with the unchecked memcpy(ipbuf, str, q-str); and memcpy(ipbufpfx, str, q-str); statements in the configsortlist call, which could potentially cause severe security impact in practical programs.(CVE-2022-4904)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:22.03-LTS-SP1 / c-ares
Package
- Name
- c-ares
- Purl
- pkg:rpm/openEuler/c-ares&distro=openEuler-22.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.18.1-4.oe2203sp1
Ecosystem specific
{
"noarch": [
"c-ares-help-1.18.1-4.oe2203sp1.noarch.rpm"
],
"aarch64": [
"c-ares-debuginfo-1.18.1-4.oe2203sp1.aarch64.rpm",
"c-ares-1.18.1-4.oe2203sp1.aarch64.rpm",
"c-ares-devel-1.18.1-4.oe2203sp1.aarch64.rpm",
"c-ares-debugsource-1.18.1-4.oe2203sp1.aarch64.rpm"
],
"x86_64": [
"c-ares-1.18.1-4.oe2203sp1.x86_64.rpm",
"c-ares-debuginfo-1.18.1-4.oe2203sp1.x86_64.rpm",
"c-ares-debugsource-1.18.1-4.oe2203sp1.x86_64.rpm",
"c-ares-devel-1.18.1-4.oe2203sp1.x86_64.rpm"
],
"src": [
"c-ares-1.18.1-4.oe2203sp1.src.rpm"
]
}