You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Summary: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Name: c-ares
CVEs: CVE-2024-25629
CVSSs: 4.4
Action Needed: update to >= 1.27.0
Summary: c-ares is a C library for asynchronous DNS requests.
ares__read_line()is used to parse local configuration files such as/etc/resolv.conf,/etc/nsswitch.conf, theHOSTALIASESfile, and if using a c-ares version prior to 1.27.0, the/etc/hostsfile. If any of these configuration files has an embeddedNULLcharacter as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.See also https://seclists.org/oss-sec/2024/q1/157.
refmap.gentoo: https://bugs.gentoo.org/925661
The text was updated successfully, but these errors were encountered: