CVE-2022-4904

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Configurations

Configuration 1 (hide)

cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

History

05 Jan 2024, 10:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202401-02 -

07 Nov 2023, 03:59

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/', 'name': 'FEDORA-2023-30e81e5293', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/ -

22 Jun 2023, 20:54

Type Values Removed Values Added
CWE CWE-20 CWE-1284

Information

Published : 2023-03-06 23:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-4904

Mitre link : CVE-2022-4904

CVE.ORG link : CVE-2022-4904


JSON object : View

Products Affected

fedoraproject

  • fedora

c-ares_project

  • c-ares

redhat

  • software_collections
  • enterprise_linux
CWE
CWE-1284

Improper Validation of Specified Quantity in Input

CWE-20

Improper Input Validation