CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
c-ares_projectc-ares
𝑥
< 1.19.1
debiandebian_linux
10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
c-aresc-ares
𝑥
< 1.19.1
ADP
Debian logo
Debian Releases
Debian Product
Codename
c-ares
bookworm
1.18.1-3
fixed
bullseye
1.17.1-1+deb11u3
fixed
bullseye (security)
1.17.1-1+deb11u3
fixed
sid
1.34.4-2.1
fixed
trixie
1.34.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
c-ares
bionic
Fixed 1.14.0-1ubuntu0.2+esm1
released
focal
Fixed 1.15.0-1ubuntu0.3
released
jammy
Fixed 1.18.1-1ubuntu0.22.04.2
released
kinetic
Fixed 1.18.1-1ubuntu0.22.10.2
released
lunar
Fixed 1.18.1-2ubuntu0.1
released
mantic
not-affected
trusty
ignored
xenial
Fixed 1.10.0-3ubuntu0.2+esm2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
c-ares-devel
suse enterprise desktop 15 SP4
1.19.1-150000.3.23.1
fixed
suse enterprise desktop 15 SP5
1.19.1-150000.3.23.1
fixed
suse enterprise desktop 15 SP6
1.19.1-150000.3.23.1
fixed
suse enterprise desktop 15 SP7
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP1
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP2
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP4
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP5
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP6
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP7
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP1
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP2
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP3
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP4
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP5
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP6
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP7
1.19.1-150000.3.23.1
fixed
libcares2
suse enterprise desktop 15 SP4
1.19.1-150000.3.23.1
fixed
suse enterprise desktop 15 SP5
1.19.1-150000.3.23.1
fixed
suse enterprise desktop 15 SP6
1.19.1-150000.3.23.1
fixed
suse enterprise desktop 15 SP7
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP1
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP2
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP4
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP5
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP6
1.19.1-150000.3.23.1
fixed
suse enterprise sap 15 SP7
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP1
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP2
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP3
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP4
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP5
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP6
1.19.1-150000.3.23.1
fixed
suse enterprise server 15 SP7
1.19.1-150000.3.23.1
fixed
nodejs16
suse enterprise sap 12
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP3
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP4
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP5
16.20.1-8.30.1
fixed
suse enterprise sap 15 SP4
16.20.1-150400.3.21.1
fixed
suse enterprise server 12
16.20.1-8.30.1
fixed
suse enterprise server 12 SP3
16.20.1-8.30.1
fixed
suse enterprise server 12 SP4
16.20.1-8.30.1
fixed
suse enterprise server 12 SP5
16.20.1-8.30.1
fixed
suse enterprise server 15 SP3
16.20.1-150300.7.24.2
fixed
suse enterprise server 15 SP4
16.20.1-150400.3.21.1
fixed
nodejs16-devel
suse enterprise sap 12
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP3
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP4
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP5
16.20.1-8.30.1
fixed
suse enterprise sap 15 SP4
16.20.1-150400.3.21.1
fixed
suse enterprise server 12
16.20.1-8.30.1
fixed
suse enterprise server 12 SP3
16.20.1-8.30.1
fixed
suse enterprise server 12 SP4
16.20.1-8.30.1
fixed
suse enterprise server 12 SP5
16.20.1-8.30.1
fixed
suse enterprise server 15 SP3
16.20.1-150300.7.24.2
fixed
suse enterprise server 15 SP4
16.20.1-150400.3.21.1
fixed
nodejs16-docs
suse enterprise sap 12
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP3
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP4
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP5
16.20.1-8.30.1
fixed
suse enterprise sap 15 SP4
16.20.1-150400.3.21.1
fixed
suse enterprise server 12
16.20.1-8.30.1
fixed
suse enterprise server 12 SP3
16.20.1-8.30.1
fixed
suse enterprise server 12 SP4
16.20.1-8.30.1
fixed
suse enterprise server 12 SP5
16.20.1-8.30.1
fixed
suse enterprise server 15 SP3
16.20.1-150300.7.24.2
fixed
suse enterprise server 15 SP4
16.20.1-150400.3.21.1
fixed
nodejs18
suse enterprise sap 12
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP3
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP4
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP5
18.16.1-8.9.1
fixed
suse enterprise sap 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise sap 15 SP5
18.16.1-150400.9.9.1
fixed
suse enterprise server 12
18.16.1-8.9.1
fixed
suse enterprise server 12 SP3
18.16.1-8.9.1
fixed
suse enterprise server 12 SP4
18.16.1-8.9.1
fixed
suse enterprise server 12 SP5
18.16.1-8.9.1
fixed
suse enterprise server 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise server 15 SP5
18.16.1-150400.9.9.1
fixed
nodejs18-devel
suse enterprise sap 12
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP3
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP4
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP5
18.16.1-8.9.1
fixed
suse enterprise sap 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise sap 15 SP5
18.16.1-150400.9.9.1
fixed
suse enterprise server 12
18.16.1-8.9.1
fixed
suse enterprise server 12 SP3
18.16.1-8.9.1
fixed
suse enterprise server 12 SP4
18.16.1-8.9.1
fixed
suse enterprise server 12 SP5
18.16.1-8.9.1
fixed
suse enterprise server 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise server 15 SP5
18.16.1-150400.9.9.1
fixed
nodejs18-docs
suse enterprise sap 12
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP3
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP4
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP5
18.16.1-8.9.1
fixed
suse enterprise sap 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise sap 15 SP5
18.16.1-150400.9.9.1
fixed
suse enterprise server 12
18.16.1-8.9.1
fixed
suse enterprise server 12 SP3
18.16.1-8.9.1
fixed
suse enterprise server 12 SP4
18.16.1-8.9.1
fixed
suse enterprise server 12 SP5
18.16.1-8.9.1
fixed
suse enterprise server 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise server 15 SP5
18.16.1-150400.9.9.1
fixed
npm16
suse enterprise sap 12
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP3
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP4
16.20.1-8.30.1
fixed
suse enterprise sap 12 SP5
16.20.1-8.30.1
fixed
suse enterprise sap 15 SP4
16.20.1-150400.3.21.1
fixed
suse enterprise server 12
16.20.1-8.30.1
fixed
suse enterprise server 12 SP3
16.20.1-8.30.1
fixed
suse enterprise server 12 SP4
16.20.1-8.30.1
fixed
suse enterprise server 12 SP5
16.20.1-8.30.1
fixed
suse enterprise server 15 SP3
16.20.1-150300.7.24.2
fixed
suse enterprise server 15 SP4
16.20.1-150400.3.21.1
fixed
npm18
suse enterprise sap 12
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP3
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP4
18.16.1-8.9.1
fixed
suse enterprise sap 12 SP5
18.16.1-8.9.1
fixed
suse enterprise sap 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise sap 15 SP5
18.16.1-150400.9.9.1
fixed
suse enterprise server 12
18.16.1-8.9.1
fixed
suse enterprise server 12 SP3
18.16.1-8.9.1
fixed
suse enterprise server 12 SP4
18.16.1-8.9.1
fixed
suse enterprise server 12 SP5
18.16.1-8.9.1
fixed
suse enterprise server 15 SP4
18.16.1-150400.9.9.1
fixed
suse enterprise server 15 SP5
18.16.1-150400.9.9.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
c-ares
RHEL 7
0:1.10.0-3.el7_9.1
fixed
RHEL 8
0:1.13.0-6.el8_8.2
fixed
RHEL 8.1 E4S
0:1.13.0-5.el8_1.1
fixed
RHEL 8.2 AUS
0:1.13.0-5.el8_2.1
fixed
RHEL 8.2 E4S
0:1.13.0-5.el8_2.1
fixed
RHEL 8.2 TUS
0:1.13.0-5.el8_2.1
fixed
RHEL 8.4 AUS
0:1.13.0-5.el8_4.2
fixed
RHEL 8.4 E4S
0:1.13.0-5.el8_4.2
fixed
RHEL 8.4 TUS
0:1.13.0-5.el8_4.2
fixed
RHEL 8.6 AUS
0:1.13.0-6.el8_6.1
fixed
RHEL 8.6 E4S
0:1.13.0-6.el8_6.1
fixed
RHEL 8.6 EUS
0:1.13.0-6.el8_6.1
fixed
RHEL 8.6 TUS
0:1.13.0-6.el8_6.1
fixed
RHEL 8.8 AUS
0:1.13.0-6.el8_8.2
fixed
RHEL 8.8 E4S
0:1.13.0-6.el8_8.2
fixed
RHEL 8.8 EUS
0:1.13.0-6.el8_8.2
fixed
RHEL 8.8 TUS
0:1.13.0-6.el8_8.2
fixed
RHEL 9
0:1.17.1-5.el9_2.1
fixed
c-ares-devel
RHEL 7
0:1.10.0-3.el7_9.1
fixed
RHEL 8
0:1.13.0-6.el8_8.2
fixed
RHEL 8.1 E4S
0:1.13.0-5.el8_1.1
fixed
RHEL 8.2 AUS
0:1.13.0-5.el8_2.1
fixed
RHEL 8.2 E4S
0:1.13.0-5.el8_2.1
fixed
RHEL 8.2 TUS
0:1.13.0-5.el8_2.1
fixed
RHEL 8.4 AUS
0:1.13.0-5.el8_4.2
fixed
RHEL 8.4 E4S
0:1.13.0-5.el8_4.2
fixed
RHEL 8.4 TUS
0:1.13.0-5.el8_4.2
fixed
RHEL 8.6 AUS
0:1.13.0-6.el8_6.1
fixed
RHEL 8.6 E4S
0:1.13.0-6.el8_6.1
fixed
RHEL 8.6 EUS
0:1.13.0-6.el8_6.1
fixed
RHEL 8.6 TUS
0:1.13.0-6.el8_6.1
fixed
RHEL 8.8 AUS
0:1.13.0-6.el8_8.2
fixed
RHEL 8.8 E4S
0:1.13.0-6.el8_8.2
fixed
RHEL 8.8 EUS
0:1.13.0-6.el8_8.2
fixed
RHEL 8.8 TUS
0:1.13.0-6.el8_8.2
fixed
RHEL 9
0:1.17.1-5.el9_2.1
fixed
nodejs
RHEL 9
1:16.19.1-2.el9_2
fixed
nodejs-docs
RHEL 9
1:16.19.1-2.el9_2
fixed
nodejs-full-i18n
RHEL 9
1:16.19.1-2.el9_2
fixed
nodejs-libs
RHEL 9
1:16.19.1-2.el9_2
fixed
npm
RHEL 9
1:8.19.3-1.16.19.1.2.el9_2
fixed
Common Weakness Enumeration
References
https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
https://security.gentoo.org/glsa/202310-09
https://security.netapp.com/advisory/ntap-20240605-0004/
https://www.debian.org/security/2023/dsa-5419
https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
https://security.gentoo.org/glsa/202310-09
https://security.netapp.com/advisory/ntap-20240605-0004/
https://www.debian.org/security/2023/dsa-5419