1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-5034-1

[USN-5034-1] c-ares vulnerability

Severity Medium
Affected Packages 6
CVEs 1
Info Packages Vulnerabilities

c-ares could be made to return wrong domains.

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
validated certain hostnames returned by DNS servers. A remote attacker
could possibly use this issue to perform Domain Hijacking attacks.

Package Affected Version
pkg:deb/ubuntu/libc-ares2?distro=hirsute < 1.17.1-1ubuntu0.1
pkg:deb/ubuntu/libc-ares2?distro=focal < 1.15.0-1ubuntu0.1
pkg:deb/ubuntu/libc-ares2?distro=bionic < 1.14.0-1ubuntu0.1
pkg:deb/ubuntu/libc-ares-dev?distro=hirsute < 1.17.1-1ubuntu0.1
pkg:deb/ubuntu/libc-ares-dev?distro=focal < 1.15.0-1ubuntu0.1
pkg:deb/ubuntu/libc-ares-dev?distro=bionic < 1.14.0-1ubuntu0.1
ID
USN-5034-1
Severity
medium
URL
https://ubuntu.com/security/notices/USN-5034-1
Published
2021-08-10T11:53:27
(3 years ago)
Modified
2021-08-10T11:53:27
(3 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/libc-ares2?distro=hirsute ubuntu libc-ares2 < 1.17.1-1ubuntu0.1 hirsute
Affected pkg:deb/ubuntu/libc-ares2?distro=focal ubuntu libc-ares2 < 1.15.0-1ubuntu0.1 focal
Affected pkg:deb/ubuntu/libc-ares2?distro=bionic ubuntu libc-ares2 < 1.14.0-1ubuntu0.1 bionic
Affected pkg:deb/ubuntu/libc-ares-dev?distro=hirsute ubuntu libc-ares-dev < 1.17.1-1ubuntu0.1 hirsute
Affected pkg:deb/ubuntu/libc-ares-dev?distro=focal ubuntu libc-ares-dev < 1.15.0-1ubuntu0.1 focal
Affected pkg:deb/ubuntu/libc-ares-dev?distro=bionic ubuntu libc-ares-dev < 1.14.0-1ubuntu0.1 bionic
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date