CVE-2021-3672 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	Missing input validation of host names returned by Domain Name Servers in the c-ares library before version 1.17.2 can lead to output of wrong hostnames (leading to domain hijacking).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2268	c-ares	1.17.1-1	1.17.2-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
10 Aug 2021	ASA-202108-13	AVG-2268	c-ares	Medium	insufficient validation

References
https://c-ares.haxx.se/adv_20210810.html https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14

References

https://c-ares.haxx.se/adv_20210810.html
https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14