[Debian]: CVE: CVE-2022-4904: c-ares arbitrary length stack overflow
Bug #2018638 reported by
Yue Tao
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
High
|
Zhixiong Chi | ||
Bug Description
CVE-2022-4904: https:/
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Score:
cve_id status cvss3Score
CVE-2022-490 fixed 8.6
References:
['libc-
CVE References
| Changed in starlingx: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| tags: | added: stx.9.0 stx.security |
| Changed in starlingx: | |
| assignee: | nobody → Zhixiong Chi (zhixiongchi) |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to tools (master) | #1 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit f7cf153f496684d
Author: Zhixiong Chi <email address hidden>
Date: Mon May 8 13:58:40 2023 +0800
libc-ares2: fix CVE-2022-4904
Upgrade libc-ares2 to 1.17.1-1+deb11u2
Refer to:
https:/
TestPlan:
PASS: downloader
PASS: build-pkgs --clean
PASS: build-image
PASS: Jenkins Installation.
PASS: dpkg -l |grep libc-ares2
ii libc-ares2:amd64 1.17.1-1+deb11u2
Closes-Bug: 2018638
Signed-off-by: Zhixiong Chi <email address hidden>
Change-Id: I97d17710cd297c