A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
CPE | Name | Operator | Version |
---|---|---|---|
c-ares | lt | 1.19.0 | |
fedora | eq | 36 | |
enterprise_linux | eq | 8.0 | |
enterprise_linux | eq | 9.0 |