CVE-2023-32067
CVSS v3.1
7.5 (High)
EPSS
0.13 % (49th)
Affected Products
3
Advisories
38
NVD Status
Modified
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
Weaknesses
- CWE-400
- Uncontrolled Resource Consumption
- CWE-NVD-noinfo
- CVE Status
- PUBLISHED
- NVD Status
- Modified
- CNA
- GitHub, Inc.
- Published Date
-
2023-05-25 23:15:09
(16 months ago) - Updated Date
-
2024-06-10 18:15:20
(3 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...