The config_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. (CVE-2022-4904)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchc-ares< 1.17.1-1.2c-ares-1.17.1-1.2.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	c-ares	< 1.17.1-1.2	c-ares-1.17.1-1.2.mga8

References

bugs.mageia.org/show_bug.cgi?id=31573

www.debian.org/lts/security/2023/dla-3323

nessus 60

cbl_mariner 10

openvas 20

osv 14

ubuntucve 1

redos 1

almalinux 7

debian 1

ubuntu 1

prion 1

fedora 2

cvelist 1

redhat 16

oraclelinux 7

f5 1

debiancve 1

amazon 2

nvd 1

redhatcve 1

cve 1

gitlab 1

ibm 3

photon 2

rosalinux 2

rocky 4

gentoo 1

ics 1

tenable 1

nessus

EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2023-1970)

2023-05-18 00:00:00

EulerOS Virtualization 2.9.0 : c-ares (EulerOS-SA-2023-2013)

2023-06-02 00:00:00

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : c-ares vulnerability (USN-5907-1)

2023-03-02 00:00:00

cbl_mariner

CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2

2023-08-03 02:51:21

CVE-2022-4904 affecting package grpc for versions less than 1.62.0-2

2024-04-17 22:02:46

CVE-2022-4904 affecting package nodejs 14.21.3-1

2024-07-02 03:08:33

openvas

Fedora: Security Advisory for c-ares (FEDORA-2023-30e81e5293)

2023-03-08 00:00:00

Debian: Security Advisory (DLA-3323-1)

2023-02-19 00:00:00

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-1970)

2023-05-18 00:00:00

osv

c-ares vulnerability

2023-03-02 12:48:30

c-ares - security update

2023-02-18 00:00:00

Moderate: c-ares security update

2023-11-14 00:00:00

ubuntucve

CVE-2022-4904

2023-02-15 00:00:00

redos

ROS-20230316-01

2023-03-16 00:00:00

almalinux

Moderate: c-ares security update

2023-11-14 00:00:00

Moderate: c-ares security, bug fix, and enhancement update

2023-11-07 00:00:00

Important: nodejs:18 security update

2023-07-12 00:00:00

debian

[SECURITY] [DLA 3323-1] c-ares security update

2023-02-18 22:55:21

ubuntu

c-ares vulnerability

2023-03-02 00:00:00

prion

Stack overflow

2023-03-06 23:15:00

fedora

[SECURITY] Fedora 37 Update: c-ares-1.19.0-1.fc37

2023-02-23 02:21:41

[SECURITY] Fedora 36 Update: c-ares-1.19.0-1.fc36

2023-03-08 01:22:23

cvelist

CVE-2022-4904

2023-03-06 00:00:00

redhat

(RHSA-2023:6291) Moderate: c-ares security update

2023-11-02 15:39:01

(RHSA-2023:7368) Moderate: c-ares security update

2023-11-21 08:12:35

(RHSA-2023:7116) Moderate: c-ares security update

2023-11-14 08:45:36

oraclelinux

c-ares security update

2023-11-17 00:00:00

c-ares security, bug fix, and enhancement update

2023-11-11 00:00:00

nodejs:18 security update

2023-07-19 00:00:00

K000138651: c-ares vulnerability CVE-2022-4904

2024-02-19 00:00:00

debiancve

CVE-2022-4904

2023-03-06 23:15:11

amazon

Medium: c-ares

2023-07-05 21:44:00

Medium: c-ares

2024-01-03 21:04:00

nvd

CVE-2022-4904

2023-03-06 23:15:11

redhatcve

CVE-2022-4904

2023-02-15 10:29:26

cve

CVE-2022-4904

2023-03-06 23:15:11

gitlab

Improper Input Validation

2023-03-06 00:00:00

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and arbitrary code execution due to [CVE-2022-4904], [CVE-2023-32067]

2023-07-28 14:31:55

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

2023-09-12 16:08:20

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

2023-06-07 16:53:53

photon

Important Photon OS Security Update - PHSA-2023-3.0-0552

2023-03-17 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0365

2023-03-27 00:00:00

rosalinux

Advisory ROSA-SA-2023-2246

2023-10-17 12:06:48

Advisory ROSA-SA-2023-2284

2023-10-31 14:04:36

rocky

nodejs:18 security update

2023-08-31 16:54:34

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-25 19:53:09

nodejs:14 security, bug fix, and enhancement update

2023-04-26 15:28:13

gentoo

c-ares: Multiple Vulnerabilities

2024-01-05 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.001 Low

EPSS

Percentile

26.2%

JSON

Related for MGASA-2023-0069