c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-05-25T22:49:55.860Z
Updated: 2024-08-02T15:03:28.668Z
Reserved: 2023-05-01T16:47:35.314Z
Link: CVE-2023-32067
Vulnrichment
Updated: 2024-08-02T15:03:28.668Z
NVD
Status : Modified
Published: 2023-05-25T23:15:09.380
Modified: 2024-11-21T08:02:38.797
Link: CVE-2023-32067
Redhat