[Debian] High CVE: CVE-2023-31130/CVE-2023-32067: c-ares: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | High | Peng Zhang | |
Bug Description
CVE-2023-31130: https:/
c-ares is an asynchronous resolver library. ares_inet_
CVE-2023-32067: https:/
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
Base Score: High
https:/
https:/
['libc-
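The read-handling mistake described for CVE-2023-32067, shown as an added example that is not c-ares code or the upstream patch: a 0-byte read means end-of-stream only on a stream socket, while on a datagram socket it is just an empty datagram. The function and enum names are hypothetical, and a local `AF_UNIX` datagram socketpair is assumed as a stand-in for the resolver's UDP socket so the example runs offline.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical outcome codes for one read on a resolver socket. */
enum read_result { READ_DATA, READ_PEER_CLOSED, READ_IGNORED, READ_ERROR };

/* Before: one rule for every socket type, so 0 bytes always means "closed". */
static enum read_result classify_naive(int sock_type, ssize_t n) {
    (void)sock_type;
    if (n < 0) return READ_ERROR;
    if (n == 0) return READ_PEER_CLOSED;   /* wrong for datagram sockets */
    return READ_DATA;
}

/* After: only a stream socket treats 0 as EOF; an empty datagram is dropped
 * and the socket keeps waiting for the real reply. */
static enum read_result classify_hardened(int sock_type, ssize_t n) {
    if (n < 0) return READ_ERROR;
    if (n == 0)
        return sock_type == SOCK_STREAM ? READ_PEER_CLOSED : READ_IGNORED;
    return READ_DATA;
}

/* Send one empty datagram over a local socketpair and return what recv()
 * reports for it, or -2 if the sockets could not be set up. */
static ssize_t recv_empty_datagram(void) {
    int sv[2];
    char buf[512];
    ssize_t n;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -2;
    if (send(sv[0], "", 0, 0) != 0) { close(sv[0]); close(sv[1]); return -2; }
    n = recv(sv[1], buf, sizeof buf, 0);   /* datagram is already queued */
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void) {
    ssize_t n = recv_empty_datagram();
    printf("recv() on empty datagram returned %zd\n", n);
    printf("naive=%d hardened=%d\n",
           classify_naive(SOCK_DGRAM, n), classify_hardened(SOCK_DGRAM, n));
    return 0;
}
```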
CVE References
tags: | added: stx.9.0 stx.security |
Changed in starlingx: | |
assignee: | nobody → Peng Zhang (pzhang2) |
status: | Triaged → In Progress |
Fixed by: https://review.opendev.org/c/starlingx/tools/+/888019 which merged on July 11