CVE
CVE-2023-31130
| CVE ID | CVE-2023-31130 |
|---|---|
| CVSS Score | 6.4 |
| Operating System | |
| Affected Versions | |
| Patched Versions | c-ares-1.10.0-3_ol003.el7 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |
Additional Information
`c-ares` is an asynchronous resolver library. `ares_inet_net_pton()` is vulnerable to a buffer underflow for certain IPv6 addresses, in particular `0::00:00:00/2` was found to cause an issue. `c-ares` only uses this function internally for configuration purposes which would require an administrator to configure such an address via `ares_set_sortlist()`. However, users may externally use `ares_inet_net_pton()` for other purposes and thus be vulnerable to more severe issues.