Bug 2209502 (CVE-2023-32067)

Summary: CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service
Product: [Other] Security Response
Reporter: Sandipan Roy <saroy>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: atikhono, hhorak, jorton, nodejs-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Text:
A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.
Bug Depends On: 2209504, 2209505, 2209507, 2209508, 2209509, 2209510, 2209511, 2209503, 2209506, 2209512, 2209513, 2209514, 2209515, 2209516, 2209517, 2209518, 2209519, 2209520, 2209521, 2209522, 2209523, 2209524, 2209525, 2209526, 2209527, 2209528, 2209529, 2209530, 2209531, 2209532, 2209533, 2209534, 2209535, 2209536, 2209537, 2209538, 2214629    
Bug Blocks: 2209110    

Description Sandipan Roy 2023-05-24 04:14:54 UTC
CVE-2023-32067. 0-byte UDP payload causes Denial of Service 
(https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)

Comment 1 Sandipan Roy 2023-05-24 04:21:54 UTC
Created c-ares tracking bugs for this issue:

Affects: fedora-all [bug 2209506]


Created mingw-c-ares tracking bugs for this issue:

Affects: fedora-all [bug 2209507]


Created nodejs tracking bugs for this issue:

Affects: epel-7 [bug 2209504]


Created nodejs16 tracking bugs for this issue:

Affects: fedora-all [bug 2209508]


Created nodejs18 tracking bugs for this issue:

Affects: fedora-all [bug 2209509]


Created nodejs20 tracking bugs for this issue:

Affects: fedora-all [bug 2209510]


Created nodejs:13/nodejs tracking bugs for this issue:

Affects: epel-8 [bug 2209505]


Created nodejs:16/c-ares tracking bugs for this issue:

Affects: fedora-all [bug 2209511]

Comment 3 errata-xmlrpc 2023-06-12 08:11:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3559 https://access.redhat.com/errata/RHSA-2023:3559

Comment 5 errata-xmlrpc 2023-06-14 07:27:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3577 https://access.redhat.com/errata/RHSA-2023:3577

Comment 6 errata-xmlrpc 2023-06-14 07:59:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3583 https://access.redhat.com/errata/RHSA-2023:3583

Comment 7 errata-xmlrpc 2023-06-14 08:09:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3584 https://access.redhat.com/errata/RHSA-2023:3584

Comment 8 errata-xmlrpc 2023-06-14 08:39:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3586 https://access.redhat.com/errata/RHSA-2023:3586

Comment 9 errata-xmlrpc 2023-06-19 08:00:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3660 https://access.redhat.com/errata/RHSA-2023:3660

Comment 10 errata-xmlrpc 2023-06-19 08:58:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3662 https://access.redhat.com/errata/RHSA-2023:3662

Comment 11 errata-xmlrpc 2023-06-19 13:01:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3665 https://access.redhat.com/errata/RHSA-2023:3665

Comment 12 errata-xmlrpc 2023-06-20 07:13:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:3677 https://access.redhat.com/errata/RHSA-2023:3677

Comment 13 errata-xmlrpc 2023-06-21 15:02:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3741 https://access.redhat.com/errata/RHSA-2023:3741

Comment 15 errata-xmlrpc 2023-07-12 08:12:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4036 https://access.redhat.com/errata/RHSA-2023:4036

Comment 16 errata-xmlrpc 2023-07-12 08:24:18 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:4039 https://access.redhat.com/errata/RHSA-2023:4039

Comment 17 errata-xmlrpc 2023-07-12 08:25:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035

Comment 18 errata-xmlrpc 2023-07-12 08:25:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4034 https://access.redhat.com/errata/RHSA-2023:4034

Comment 19 errata-xmlrpc 2023-07-12 08:26:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4033 https://access.redhat.com/errata/RHSA-2023:4033