1. Home
  2. Vulnerabilities
  3. CVE-2023-32067

CVE-2023-32067

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.13 % (49th)
0.13% Progress
Affected Products 3
Advisories 38
NVD Status Modified
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.

Weaknesses
CWE-400
Uncontrolled Resource Consumption
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Modified
CNA
GitHub, Inc.
Published Date
2023-05-25 23:15:09
(16 months ago)
Updated Date
2024-06-10 18:15:20
(3 months ago)

Affected Products

C-ares Project

Debian

Fedoraproject

Configuration #1

    CPE23 From Up To
  C-ares Project C-ares prior 1.19.1 version cpe:2.3:a:c-ares_project:c-ares < 1.19.1

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 37 cpe:2.3:o:fedoraproject:fedora:37
  Fedoraproject Fedora 38 cpe:2.3:o:fedoraproject:fedora:38

Configuration #3

    CPE23 From Up To
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0
  Debian Linux 11.0 cpe:2.3:o:debian:debian_linux:11.0