ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses; in particular, "0::00:00:00/2" was found to cause an issue. c-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().
CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton(): https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
Created c-ares tracking bugs for this issue: Affects: fedora-all [bug 2209542]
Created mingw-c-ares tracking bugs for this issue: Affects: fedora-all [bug 2209543]
Created nodejs tracking bugs for this issue: Affects: epel-7 [bug 2209539]
Created nodejs16 tracking bugs for this issue: Affects: fedora-38 [bug 2209548]
Created nodejs18 tracking bugs for this issue: Affects: fedora-all [bug 2209545]
Created nodejs20 tracking bugs for this issue: Affects: fedora-all [bug 2209546]
Created nodejs:13/nodejs tracking bugs for this issue: Affects: epel-8 [bug 2209540]
Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-8 [bug 2209541]
Created nodejs:16/c-ares tracking bugs for this issue: Affects: fedora-all [bug 2209547]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3577 https://access.redhat.com/errata/RHSA-2023:3577
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3586 https://access.redhat.com/errata/RHSA-2023:3586
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4036 https://access.redhat.com/errata/RHSA-2023:4036
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:4039 https://access.redhat.com/errata/RHSA-2023:4039
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4034 https://access.redhat.com/errata/RHSA-2023:4034
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4033 https://access.redhat.com/errata/RHSA-2023:4033
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6635 https://access.redhat.com/errata/RHSA-2023:6635
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7207 https://access.redhat.com/errata/RHSA-2023:7207
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:7392 https://access.redhat.com/errata/RHSA-2023:7392
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7543 https://access.redhat.com/errata/RHSA-2023:7543