CVE-2023-31124
CVSS v3.1: 3.7 (Low)
EPSS: 0.11 % (44th)
Affected Products: 2
Advisories: 28
c-ares is an asynchronous resolver library. When cross-compiling c-ares with the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling for aarch64 Android. The library then falls back to rand(), which is not a CSPRNG, and an attacker could take advantage of the resulting lack of entropy. This issue was patched in version 1.19.1.
Weaknesses
- CWE-330: Use of Insufficiently Random Values

CVE Status: PUBLISHED
CNA: GitHub, Inc.
Published Date: 2023-05-25 22:15:09 (16 months ago)
Updated Date: 2023-10-31 16:05:56 (10 months ago)