Bug 2209502 (CVE-2023-32067) - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service
Summary: CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service
Keywords:
Status: NEW
Alias: CVE-2023-32067
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2209505 2209503 2209504 2209506 2209507 2209508 2209509 2209510 2209511 2209512 2209513 2209514 2209515 2209516 2209517 2209518 2209519 2209520 2209521 2209522 2209523 2209524 2209525 2209526 2209527 2209528 2209529 2209530 2209531 2209532 2209533 2209534 2209535 2209536 2209537 2209538 2214629
Blocks: 2209110
Reported: 2023-05-24 04:14 UTC by Sandipan Roy
Modified: 2024-02-01 09:01 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:3603 0 None None None 2023-06-14 18:03:12 UTC
Red Hat Product Errata RHBA-2023:3657 0 None None None 2023-06-19 00:24:50 UTC
Red Hat Product Errata RHBA-2023:3666 0 None None None 2023-06-19 13:27:38 UTC
Red Hat Product Errata RHBA-2023:3679 0 None None None 2023-06-20 10:45:01 UTC
Red Hat Product Errata RHBA-2023:3896 0 None None None 2023-06-28 08:00:55 UTC
Red Hat Product Errata RHBA-2023:4045 0 None None None 2023-07-13 01:00:19 UTC
Red Hat Product Errata RHBA-2023:4046 0 None None None 2023-07-13 01:06:14 UTC
Red Hat Product Errata RHBA-2023:4077 0 None None None 2023-07-13 11:35:23 UTC
Red Hat Product Errata RHBA-2023:4078 0 None None None 2023-07-13 11:42:15 UTC
Red Hat Product Errata RHBA-2023:4098 0 None None None 2023-07-17 06:51:28 UTC
Red Hat Product Errata RHSA-2023:3559 0 None None None 2023-06-12 08:11:11 UTC
Red Hat Product Errata RHSA-2023:3577 0 None None None 2023-06-14 07:27:20 UTC
Red Hat Product Errata RHSA-2023:3583 0 None None None 2023-06-14 07:59:07 UTC
Red Hat Product Errata RHSA-2023:3584 0 None None None 2023-06-14 08:09:10 UTC
Red Hat Product Errata RHSA-2023:3586 0 None None None 2023-06-14 08:39:15 UTC
Red Hat Product Errata RHSA-2023:3660 0 None None None 2023-06-19 08:00:02 UTC
Red Hat Product Errata RHSA-2023:3662 0 None None None 2023-06-19 08:58:48 UTC
Red Hat Product Errata RHSA-2023:3665 0 None None None 2023-06-19 13:01:10 UTC
Red Hat Product Errata RHSA-2023:3677 0 None None None 2023-06-20 07:13:39 UTC
Red Hat Product Errata RHSA-2023:3741 0 None None None 2023-06-21 15:02:35 UTC
Red Hat Product Errata RHSA-2023:4033 0 None None None 2023-07-12 08:26:19 UTC
Red Hat Product Errata RHSA-2023:4034 0 None None None 2023-07-12 08:25:24 UTC
Red Hat Product Errata RHSA-2023:4035 0 None None None 2023-07-12 08:25:21 UTC
Red Hat Product Errata RHSA-2023:4036 0 None None None 2023-07-12 08:12:38 UTC
Red Hat Product Errata RHSA-2023:4039 0 None None None 2023-07-12 08:24:19 UTC

Description Sandipan Roy 2023-05-24 04:14:54 UTC
CVE-2023-32067. 0-byte UDP payload causes Denial of Service 
(https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc)

Comment 1 Sandipan Roy 2023-05-24 04:21:54 UTC
Created c-ares tracking bugs for this issue:

Affects: fedora-all [bug 2209506]


Created mingw-c-ares tracking bugs for this issue:

Affects: fedora-all [bug 2209507]


Created nodejs tracking bugs for this issue:

Affects: epel-7 [bug 2209504]


Created nodejs16 tracking bugs for this issue:

Affects: fedora-all [bug 2209508]


Created nodejs18 tracking bugs for this issue:

Affects: fedora-all [bug 2209509]


Created nodejs20 tracking bugs for this issue:

Affects: fedora-all [bug 2209510]


Created nodejs:13/nodejs tracking bugs for this issue:

Affects: epel-8 [bug 2209505]


Created nodejs:16/c-ares tracking bugs for this issue:

Affects: fedora-all [bug 2209511]

Comment 3 errata-xmlrpc 2023-06-12 08:11:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3559 https://access.redhat.com/errata/RHSA-2023:3559

Comment 5 errata-xmlrpc 2023-06-14 07:27:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3577 https://access.redhat.com/errata/RHSA-2023:3577

Comment 6 errata-xmlrpc 2023-06-14 07:59:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3583 https://access.redhat.com/errata/RHSA-2023:3583

Comment 7 errata-xmlrpc 2023-06-14 08:09:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3584 https://access.redhat.com/errata/RHSA-2023:3584

Comment 8 errata-xmlrpc 2023-06-14 08:39:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3586 https://access.redhat.com/errata/RHSA-2023:3586

Comment 9 errata-xmlrpc 2023-06-19 08:00:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3660 https://access.redhat.com/errata/RHSA-2023:3660

Comment 10 errata-xmlrpc 2023-06-19 08:58:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3662 https://access.redhat.com/errata/RHSA-2023:3662

Comment 11 errata-xmlrpc 2023-06-19 13:01:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3665 https://access.redhat.com/errata/RHSA-2023:3665

Comment 12 errata-xmlrpc 2023-06-20 07:13:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:3677 https://access.redhat.com/errata/RHSA-2023:3677

Comment 13 errata-xmlrpc 2023-06-21 15:02:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3741 https://access.redhat.com/errata/RHSA-2023:3741

Comment 15 errata-xmlrpc 2023-07-12 08:12:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4036 https://access.redhat.com/errata/RHSA-2023:4036

Comment 16 errata-xmlrpc 2023-07-12 08:24:18 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:4039 https://access.redhat.com/errata/RHSA-2023:4039

Comment 17 errata-xmlrpc 2023-07-12 08:25:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035

Comment 18 errata-xmlrpc 2023-07-12 08:25:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4034 https://access.redhat.com/errata/RHSA-2023:4034

Comment 19 errata-xmlrpc 2023-07-12 08:26:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4033 https://access.redhat.com/errata/RHSA-2023:4033

