CVE-2024-25629
CVSS v3.1
4.4 (Medium)
EPSS
0.04 % (16th)
Advisories
32
NVD Status
Awaiting Analysis
c-ares is a C library for asynchronous DNS requests. ares__read_line()
is used to parse local configuration files such as /etc/resolv.conf
, /etc/nsswitch.conf
, the HOSTALIASES
file, and if using a c-ares version prior to 1.27.0, the /etc/hosts
file. If any of these configuration files has an embedded NULL
character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Weaknesses
- CWE-127
- Buffer Under-read
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- GitHub, Inc.
- Published Date
-
2024-02-23 15:15:09
(6 months ago) - Updated Date
-
2024-04-19 23:15:09
(5 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...