C-Ares · C-Ares · CVE-2022-4904
**Name of the Vulnerable Software and Affected Versions**
c-ares (affected versions not specified)
**Description**
The issue is related to the `ares set sortlist` function in the c-ares library, which lacks checks for the validity of the input string. This allows for a possible arbitrary length stack overflow, potentially causing a denial of service or limited impact on confidentiality and integrity.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.