Change History (5)
comment:1 by , 23 months ago
| Priority: | normal → elevated |
|---|
comment:2 by , 23 months ago
| Owner: | changed from to |
|---|
comment:4 by , 23 months ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Security Advisory SA 11.3-028.
Note:
See TracTickets
for help on using tickets.
From https://c-ares.org/vulns.html
CVE-2023-32067 - May 22 2023
High. 0-byte UDP payload causes Denial of Service. Fixed in 1.19.1. CVE-2023-32067
CVE-2023-31147 - May 22 2023
Moderate. Insufficient randomness in generation of DNS query IDs. Fixed in 1.19.1. CVE-2023-31147
CVE-2023-31130 - May 22 2023
Moderate. Buffer Underwrite in ares_inet_net_pton(). Fixed in 1.19.1. CVE-2023-31130
CVE-2023-31124 - May 22 2023
Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation. Fixed in 1.19.1. CVE-2023-31124
Obviously, BLFS does not support cross-compilation nor use autotools for this package.