[Debian]: CVE: CVE-2022-4904: c-ares arbitrary length stack overflow
Bug #2018638 reported by Yue Tao
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | Zhixiong Chi |
Bug Description
CVE-2022-4904: https:/
A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks on the validity of the input string, which allows a possible stack overflow of arbitrary length. This issue may cause a denial of service or have a limited impact on confidentiality and integrity.
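As an added illustration (example code, not c-ares's own code or the upstream fix), a minimal sortlist parser in C that performs the token-length check before copying into its fixed-size stack buffer; the buffer size, the function name and the use of inet_pton for validation are assumptions made for this example:

```c
#define _POSIX_C_SOURCE 200112L
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

/* Illustrative sortlist parser (example code, not c-ares's own code or fix).
 * A sortlist is whitespace-separated "addr" or "addr/mask" entries. Each
 * token is copied into a fixed-size stack buffer, so its length must be
 * checked BEFORE the copy; that missing check is the bug class behind
 * CVE-2022-4904. Buffer size and names are assumptions for this example. */
#define SORTLIST_TOKEN_MAX 32  /* "d.d.d.d/d.d.d.d" at full width is 31 + NUL */

/* Returns the number of entries parsed, or -1 on an over-long or invalid
 * token. Nothing is copied until the length has been bounds-checked. */
int parse_sortlist(const char *str)
{
    char token[SORTLIST_TOKEN_MAX];
    struct in_addr a;
    int count = 0;

    while (*str) {
        while (*str == ' ' || *str == '\t')   /* skip separators */
            str++;
        if (*str == '\0') break;
        const char *q = str;
        while (*q && *q != ' ' && *q != '\t') /* find end of token */
            q++;
        size_t len = (size_t)(q - str);
        /* The check that must precede memcpy: without it, a token of
         * length >= sizeof(token) writes past the end of the stack buffer. */
        if (len >= sizeof(token))
            return -1;
        memcpy(token, str, len);
        token[len] = '\0';
        /* Validate "addr" and, if present, "/mask" or "/prefixlen" (0..32). */
        char *slash = strchr(token, '/');
        if (slash) *slash = '\0';
        if (inet_pton(AF_INET, token, &a) != 1)
            return -1;
        if (slash) {
            char *end;
            long bits = strtol(slash + 1, &end, 10);
            if (inet_pton(AF_INET, slash + 1, &a) != 1 &&
                (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32))
                return -1;
        }
        count++;
        str = q;
    }
    return count;
}
```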
Score:

cve_id | status | cvss3Score
---|---|---
CVE-2022-490 | fixed | 8.6
CVE References
Changed in starlingx:
status: New → Triaged
importance: Undecided → High
tags: added: stx.9.0 stx.security

Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
Reviewed: https://review.opendev.org/c/starlingx/tools/+/882802
Committed: https://opendev.org/starlingx/tools/commit/f7cf153f496684dd90ff31b3db265607a739b083
Submitter: "Zuul (22348)"
Branch: master
commit f7cf153f496684dd90ff31b3db265607a739b083
Author: Zhixiong Chi <email address hidden>
Date: Mon May 8 13:58:40 2023 +0800
libc-ares2: fix CVE-2022-4904
Upgrade libc-ares2 to 1.17.1-1+deb11u2
Refer to: https://security-tracker.debian.org/tracker/CVE-2022-4904
TestPlan:
PASS: downloader
PASS: build-pkgs --clean
PASS: build-image
PASS: Jenkins Installation.
PASS: dpkg -l |grep libc-ares2
ii libc-ares2:amd64 1.17.1-1+deb11u2
Closes-Bug: 2018638
Signed-off-by: Zhixiong Chi <email address hidden>
Change-Id: I97d17710cd297ca57fdf50af280089c32f8e731a