A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2168631 | Issue Tracking Third Party Advisory |
https://github.com/c-ares/c-ares/issues/496 | Exploit Issue Tracking |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/ | |
https://security.gentoo.org/glsa/202401-02 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
05 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:59
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
22 Jun 2023, 20:54
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1284 |
Information
Published : 2023-03-06 23:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-4904
Mitre link : CVE-2022-4904
CVE.ORG link : CVE-2022-4904
JSON object : View
Products Affected
fedoraproject
- fedora
c-ares_project
- c-ares
redhat
- software_collections
- enterprise_linux