CVE-2022-4904

Sažetak

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2168631
https://github.com/c-ares/c-ares/issues/496
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
https://security.gentoo.org/glsa/202401-02
https://bugzilla.redhat.com/show_bug.cgi?id=2168631
https://github.com/c-ares/c-ares/issues/496
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
https://security.gentoo.org/glsa/202401-02

CVSS

Base:	8.6
Impact:	4.7
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Zadnje važnije ažuriranje

02-12-2025 - 21:15

Objavljeno

06-03-2023 - 23:15