CVE-2020-22217: read-heap-buffer-overflow in ares_parse_soa_reply() · Issue #333 · c-ares/c-ares

Buffer overflow vulnerability in c-ares before 1_16_1 through 1_17_0 via the function ares_parse_soa_reply in ares_parse_soa_reply.c.

Tags: CVE, vulnerability, buffer overflow

If this is, indeed, an OOB read, then NVD scored incorrectly in this case. That said, I am not defending NVD as they frequently do not score correctly. That said, I want to point out that one part of CVSS specs says to "Score for the worst". That is one thing that leads to many v2 10 / v3 9.8 scores, especially when a vendor says e.g. "Vulnerability fixed". Without details orgs are forced to score like that, which may be artificially high of course.

Related news

Red Hat Security Advisory 2023-7207-01

Red Hat Security Advisory 2023-7207-01 - An update for c-ares is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer over-read vulnerability.
