You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
CVE-2024-25629 - Medium Severity Vulnerability
Vulnerable Library - c-aresc-ares-1.16.0
A C library for asynchronous DNS requests.
Library home page: https://c-ares.haxx.se/?wsslib=c-ares
Found in HEAD commit: 00fdb00d5bdbaea4fec4642989374d82cbdb1a3c
Found in base branch: master
Vulnerable Source Files (3)
/deps/cares/src/ares__read_line.c
/deps/cares/src/ares__read_line.c
/deps/cares/src/ares__read_line.c
Vulnerability Details
c-ares is a C library for asynchronous DNS requests.
ares__read_line()
is used to parse local configuration files such as/etc/resolv.conf
,/etc/nsswitch.conf
, theHOSTALIASES
file, and if using a c-ares version prior to 1.27.0, the/etc/hosts
file. If any of these configuration files has an embeddedNULL
character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.Publish Date: 2024-02-23
URL: CVE-2024-25629
CVSS 3 Score Details (4.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-mg26-v6qh-x48q
Release Date: 2024-02-09
Fix Resolution: cares-1_27_0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: