PT-2023-1687 · C-Ares+10 · C-Ares+10

Hopper-Vul

·

Published

2022-12-13

·

Updated

2024-06-15

·

CVE-2022-4904

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions c-ares (affected versions not specified)
Description The issue is related to the ares set sortlist function in the c-ares library, which lacks checks for the validity of the input string. This allows for a possible arbitrary length stack overflow, potentially causing a denial of service or limited impact on confidentiality and integrity.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-20CWE-1284

Related Identifiers

ALSA-2023:1582
ALSA-2023:1743
ALSA-2023:2654
ALSA-2023:2655
ALSA-2023:4035
ALSA-2023:6635
ALSA-2023:7116
ALT-PU-2023-1179
ALT-PU-2023-4623
ALT-PU-2023-5121
AZL-13817
AZL-13827
AZL-13828
AZL-34775
AZL-43921
BDU:2023-01258
CESA-2023_1582
CESA-2023_1743
CESA-2023_4035
CESA-2023_7116
CVE-2022-4904
DLA-3323-1
MGASA-2023-0069
OESA-2023-1091
OESA-2023-1110
OPENSUSE-SU-2024:12674-1
RHSA-2023:1533
RHSA-2023:1582
RHSA-2023:1742
RHSA-2023:1743
RHSA-2023:1744
RHSA-2023:2654
RHSA-2023:2655
RHSA-2023:4035
RHSA-2023:5533
RHSA-2023:6291
RHSA-2023:6635
RHSA-2023:7116
RHSA-2023:7368
RHSA-2023:7543
RHSA-2023_1582
RHSA-2023_1743
RHSA-2023_2654
RHSA-2023_2655
RHSA-2023_4035
RHSA-2023_6635
RHSA-2023_7116
RLSA-2023:1582
RLSA-2023:1743
RLSA-2023:2655
RLSA-2023:4035
ROSA-SA-2023-2284
SUSE-SU-2023:0486-1
SUSE-SU-2023:3420-1
SUSE-SU-2023_0486-1
SUSE-SU-2023_3420-1
USN-5907-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
C-Ares