c-ares-devel (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package c-ares-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2022-4904 — CVSS 8.6 (high): A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a…
CVE-2023-32067 — CVSS 7.5 (high): c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker…
CVE-2023-31147 — CVSS 5.9 (medium): c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random…
CVE-2024-25629 — CVSS 4.4 (medium): c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as…
CVE-2023-31130 — CVSS 4.1 (medium): c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in…
CVE-2023-31124 — CVSS 3.7 (low): c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be…