c-ares
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | A C library for asynchronous DNS requests |
Version |
1.34.4-1 [extra-testing] 1.34.3-1 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2268 | 1.17.1-1 | 1.17.2-1 | Medium | Fixed | |
AVG-1280 | 1.16.1-2 | 1.17.1-1 | Medium | Fixed | |
AVG-315 | 1.12.0-1 | 1.13.0-1 | Medium | Fixed | |
AVG-37 | 1.11.0-1 | 1.12.0-1 | High | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-3672 | AVG-2268 | Medium | Yes | Insufficient validation | Missing input validation of host names returned by Domain Name Servers in the c-ares library before version 1.17.2 can lead to output of wrong hostnames... |
CVE-2020-8277 | AVG-1280 | Medium | Yes | Denial of service | An application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to... |
CVE-2017-1000381 | AVG-315 | Medium | Yes | Information disclosure | A out-of-bounds read has been found in c-ares < 1.13.0. The ares_parse_naptr_reply() function, which is used for parsing NAPTR responses, could be triggered... |
CVE-2016-5180 | AVG-37 | High | Yes | Arbitrary code execution | When a string is passed in to ares_create_query or ares_mkquery and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
10 Aug 2021 | ASA-202108-13 | AVG-2268 | Medium | insufficient validation |
19 Nov 2020 | ASA-202011-18 | AVG-1280 | Medium | denial of service |
18 Jul 2017 | ASA-201707-21 | AVG-315 | Medium | information disclosure |
30 Sep 2016 | ASA-201609-31 | AVG-37 | High | arbitrary code execution |