LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2007-3152
CVE STATUS: Patched
CVE SUMMARY: c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3152

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2007-3153
CVE STATUS: Patched
CVE SUMMARY: The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3153

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2016-5180
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5180

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2017-1000381
CVE STATUS: Patched
CVE SUMMARY: The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000381

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2020-14354
CVE STATUS: Patched
CVE SUMMARY: A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14354

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2020-22217
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22217

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2020-8277
CVE STATUS: Patched
CVE SUMMARY: A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8277

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2021-3672
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 5.6
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3672

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2022-4904
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4904

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2023-31124
CVE STATUS: Patched
CVE SUMMARY: c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 3.7
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31124

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2023-31130
CVE STATUS: Patched
CVE SUMMARY: c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31130

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2023-31147
CVE STATUS: Patched
CVE SUMMARY: c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31147

LAYER: meta-oe
PACKAGE NAME: c-ares
PACKAGE VERSION: 1.27.0
CVE: CVE-2023-32067
CVE STATUS: Patched
CVE SUMMARY: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32067