PT-2023-6789 · C-Ares+10
Xiang Li · Published 2023-05-22 · Updated 2026-02-18 · CVE-2023-32067
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
c-ares versions prior to 1.19.1
Description
c-ares, an asynchronous resolver library, is affected by a denial of service vulnerability. After a target resolver sends a query, an attacker can forge a malformed UDP packet with a length of 0, which the target resolver interprets as a graceful shutdown of the connection. This can lead to a denial of service.
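The misinterpretation described above, as an added example (a simplified model, not c-ares source code): `recv()` returns 0 for an empty datagram, and a handler that reads 0 as "peer closed" regardless of transport closes the connection. The function names are hypothetical, and a local `AF_UNIX` datagram socketpair stands in for the UDP socket so the example runs offline.

```c
/* Added example: simplified model, not c-ares source code. */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum action { KEEP_WAITING, PROCESS_REPLY, CLOSE_CONNECTION };

/* Flawed pattern: a read result of 0 is always taken as "peer closed". */
static enum action classify_flawed(ssize_t n, int is_udp)
{
    (void)is_udp;                       /* transport is never consulted */
    if (n < 0)  return KEEP_WAITING;    /* simplified: errors treated as transient */
    if (n == 0) return CLOSE_CONNECTION;
    return PROCESS_REPLY;
}

/* Hardened pattern: only a stream socket signals shutdown with 0;
 * on a datagram socket 0 is an empty packet, which is dropped. */
static enum action classify_hardened(ssize_t n, int is_udp)
{
    if (n < 0)  return KEEP_WAITING;
    if (n == 0) return is_udp ? KEEP_WAITING : CLOSE_CONNECTION;
    return PROCESS_REPLY;
}

/* Constructed input: send one empty datagram over a local datagram
 * socketpair and return what recv() reports for it. */
static ssize_t recv_empty_datagram(void)
{
    int sv[2];
    char buf[512];
    ssize_t n = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    if (send(sv[0], "", 0, 0) == 0)
        n = recv(sv[1], buf, sizeof buf, 0);
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    ssize_t n = recv_empty_datagram();
    printf("recv() on empty datagram: %zd\n", n);
    printf("flawed:   %s\n", classify_flawed(n, 1) == CLOSE_CONNECTION ? "close" : "keep");
    printf("hardened: %s\n", classify_hardened(n, 1) == CLOSE_CONNECTION ? "close" : "keep");
    return 0;
}
```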
Recommendations
For versions prior to 1.19.1, update to version 1.19.1 to resolve the issue. As a temporary workaround, consider restricting the handling of UDP packets with a length of 0 to minimize the risk of exploitation.
Exploit
Fix
DoS
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
C-Ares