libcares2 (SUSE:Linux Enterprise Software Development Kit 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP5 package libcares2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2022-4904 — CVSS 8.6 (high): A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a…
CVE-2023-32067 — CVSS 7.5 (high): c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker…
CVE-2023-31147 — CVSS 5.9 (medium): c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random…
CVE-2020-22217 — CVSS 5.9 (medium): Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
CVE-2021-3672 — CVSS 5.6 (medium): A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to…
CVE-2024-25629 — CVSS 4.4 (medium): c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as…
CVE-2023-31130 — CVSS 4.1 (medium): c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in…
CVE-2023-31124 — CVSS 3.7 (low): c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be…