c-ares

Description: A C library for asynchronous DNS requests
Version: 1.18.1-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2268 | 1.17.1-1 | 1.17.2-1 | Medium | Fixed | |
| AVG-1280 | 1.16.1-2 | 1.17.1-1 | Medium | Fixed | |
| AVG-315 | 1.12.0-1 | 1.13.0-1 | Medium | Fixed | |
| AVG-37 | 1.11.0-1 | 1.12.0-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3672 | AVG-2268 | Medium | Yes | Insufficient validation | Missing input validation of host names returned by Domain Name Servers in the c-ares library before version 1.17.2 can lead to output of wrong hostnames... |
| CVE-2020-8277 | AVG-1280 | Medium | Yes | Denial of service | An application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to... |
| CVE-2017-1000381 | AVG-315 | Medium | Yes | Information disclosure | An out-of-bounds read has been found in c-ares < 1.13.0. The ares_parse_naptr_reply() function, which is used for parsing NAPTR responses, could be triggered... |
| CVE-2016-5180 | AVG-37 | High | Yes | Arbitrary code execution | When a string is passed in to ares_create_query or ares_mkquery and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 10 Aug 2021 | ASA-202108-13 | AVG-2268 | Medium | insufficient validation |
| 19 Nov 2020 | ASA-202011-18 | AVG-1280 | Medium | denial of service |
| 18 Jul 2017 | ASA-201707-21 | AVG-315 | Medium | information disclosure |
| 30 Sep 2016 | ASA-201609-31 | AVG-37 | High | arbitrary code execution |