CVE-2023-31130

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

6.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1 Release Notes
https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/ Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202310-09 Third Party Advisory
https://security.netapp.com/advisory/ntap-20240605-0005/
https://www.debian.org/security/2023/dsa-5419 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240605-0005/ -

31 Oct 2023, 16:06

Type Values Removed Values Added
CWE CWE-124 CWE-787
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
First Time Debian debian Linux
Debian
References (MISC) https://www.debian.org/security/2023/dsa-5419 - (MISC) https://www.debian.org/security/2023/dsa-5419 - Third Party Advisory
References (MISC) https://security.gentoo.org/glsa/202310-09 - (MISC) https://security.gentoo.org/glsa/202310-09 - Third Party Advisory
References (MISC) https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html - (MISC) https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html - Mailing List

08 Oct 2023, 09:15

Type Values Removed Values Added
References
  • (MISC) https://security.gentoo.org/glsa/202310-09 -

26 Jun 2023, 22:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html -

07 Jun 2023, 10:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5419 -
CWE NVD-CWE-Other CWE-124

02 Jun 2023, 18:14

Type Values Removed Values Added
CPE cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.4
CWE NVD-CWE-Other
First Time Fedoraproject fedora
C-ares Project c-ares
C-ares Project
Fedoraproject
References (MISC) https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1 - (MISC) https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1 - Release Notes
References (MISC) https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v - (MISC) https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/ - Mailing List, Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/ - Mailing List, Third Party Advisory

28 May 2023, 06:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/ -
Information

Published : 2023-05-25 22:15

Updated : 2024-06-10 17:16

NVD link : CVE-2023-31130

Mitre link : CVE-2023-31130

CVE.ORG link : CVE-2023-31130

JSON object : View

Products Affected

fedoraproject

  • fedora

c-ares_project

  • c-ares

debian

  • debian_linux
CWE
CWE-787

Out-of-bounds Write

CWE-124

Buffer Underwrite ('Buffer Underflow')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024