Debian 9886 Published by

A c-ares security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a buffer overflow vulnerability.



ELA-946-1 c-ares security update

Package : c-ares
Version : 1.10.0-2+deb8u7 (jessie), 1.12.0-1+deb9u6 (stretch)

Related CVEs :
CVE-2020-22217

A vulnerability has been identified in c-ares, an asynchronous name
resolver library:

CVE-2020-22217
A buffer overflow vulnerability has been found in c-ares before
via the function ares_parse_soa_reply in ares_parse_soa_reply.c.
This vulnerability was discovered through fuzzing. Exploitation
of this vulnerability may allow an attacker to execute arbitrary
code or cause a denial of service condition.

ELA-946-1 c-ares security update