ares_set_sortlist calls config_sortlist(..., sortstr) to parse the input str and initialize a sortlist configuration. However, ares_set_sortlist does not have any checks on the validity of the input str. It is very easy to create an arbitrary-length stack overflow with the unchecked memcpy(ipbuf, str, q-str); and memcpy(ipbufpfx, str, q-str); statements in the config_sortlist call, which could potentially cause severe security impact in practical programs.
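The length check whose absence the report above describes, as an added example that is not c-ares code and not part of the original report. The helper name copy_addr_token, the 16-byte buffer size, the delimiter set and the sample strings are assumptions constructed for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define IPBUF_LEN 16 /* assumed size for this sketch, not taken from the report */

/* Hypothetical helper: copy the address token at the start of str into ipbuf,
 * stopping at '/', ';', whitespace or end of string (assumed delimiters).
 * The unchecked form named in the report is:
 *     memcpy(ipbuf, str, q - str);
 * where q - str depends only on the caller-supplied string.
 * Returns the token length, or -1 if the token plus its NUL would not fit. */
static int copy_addr_token(const char *str, char *ipbuf, size_t ipbuf_len)
{
    const char *q = str;
    size_t n;

    while (*q && *q != '/' && *q != ';' && !isspace((unsigned char)*q))
        q++;
    n = (size_t)(q - str);

    if (n >= ipbuf_len) /* reject before copying instead of overrunning */
        return -1;

    memcpy(ipbuf, str, n);
    ipbuf[n] = '\0';
    return (int)n;
}

/* Constructed input: a well-formed sortlist entry. */
static int demo_ok(void)
{
    char ipbuf[IPBUF_LEN];
    return copy_addr_token("192.168.1.0/24", ipbuf, sizeof ipbuf);
}

/* Constructed input: a 63-character token with no delimiter. */
static int demo_too_long(void)
{
    char ipbuf[IPBUF_LEN];
    char longstr[64];
    memset(longstr, '1', sizeof longstr - 1);
    longstr[sizeof longstr - 1] = '\0';
    return copy_addr_token(longstr, ipbuf, sizeof ipbuf);
}

int main(void)
{
    return (demo_ok() == 11 && demo_too_long() == -1) ? 0 : 1;
}
```

The same check applies to the second copy into ipbufpfx, using that buffer's own size.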
Created c-ares tracking bugs for this issue:
Affects: fedora-all [bug 2170860]

Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2170861]

Created nodejs:16/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2170862]

Created nodejs:18/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2170863]
*** Bug 2165777 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1582 https://access.redhat.com/errata/RHSA-2023:1582
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1743 https://access.redhat.com/errata/RHSA-2023:1743
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:1744 https://access.redhat.com/errata/RHSA-2023:1744
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2654 https://access.redhat.com/errata/RHSA-2023:2654
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2655 https://access.redhat.com/errata/RHSA-2023:2655
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4904
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5533 https://access.redhat.com/errata/RHSA-2023:5533
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:6291 https://access.redhat.com/errata/RHSA-2023:6291
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6635 https://access.redhat.com/errata/RHSA-2023:6635
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7116 https://access.redhat.com/errata/RHSA-2023:7116
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2023:7368 https://access.redhat.com/errata/RHSA-2023:7368
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7543 https://access.redhat.com/errata/RHSA-2023:7543