Mitigations for Critical c-ares DoS, Code Execution Bug Released
A critical buffer overflow vulnerability (CVE-2020-22217) has been found in c-ares before 1.16.1 through 1.17.0, in the function ares_parse_soa_reply in ares_parse_soa_reply.c. Because this bug is simple to exploit and poses a significant threat to the confidentiality, integrity, and availability of affected systems, it has received a National Vulnerability Database base score of 9.8 out of 10 (“Critical” severity).
Exploitation of this flaw could allow an attacker to execute arbitrary code or cause a denial of service (DoS) condition.
A c-ares security update has been released to fix this severe flaw. We urge all affected users to apply the updates issued by Debian LTS as soon as possible to prevent attacks that could result in inconvenient, costly downtime and system compromise.
To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).