Lucene search
PRIOn knowledge basePRION:CVE-2023-31124HistoryMay 25, 2023 - 10:15 p.m.
Cross site scripting
2023-05-2522:15:00
PRIOn knowledge base
www.prio-n.com
8
cross site scripting
c-ares
asynchronous resolver
autotools
entropy
csprng
patch
nvd
aarch64 android
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
References
github.com/c-ares/c-ares/releases/tag/cares-1_19_1
github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
lists.fedoraproject.org/archives/list/[email protected]/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
lists.fedoraproject.org/archives/list/[email protected]/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
security.gentoo.org/glsa/202310-09
Related
ubuntucve
ubuntucve
CVE-2023-31124
2023-05-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-31124 affecting package c-ares 1.19.0-1
2023-06-27 21:25:25
amazon
amazon
Low: c-ares
2024-01-19 01:51:00
osv
osv
CVE-2023-31124
2023-05-25 22:15:09
Important: nodejs:16 security update
2023-08-31 16:54:34
Important: nodejs security update
2023-06-14 00:00:00
gitlab
gitlab
Use of Insufficiently Random Values
2023-05-25 00:00:00
redhatcve
redhatcve
CVE-2023-31124
2023-05-24 04:11:20
nessus
nessus
Amazon Linux 2 : c-ares (ALAS-2024-2429)
2024-01-23 00:00:00
RHEL 8 : c-ares (Unpatched Vulnerability)
2024-06-03 00:00:00
EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-3066)
2024-01-16 00:00:00
cve
cve
CVE-2023-31124
2023-05-25 22:15:09
cvelist
cvelist
nvd
nvd
CVE-2023-31124
2023-05-25 22:15:09
cgr
cgr
CVE-2023-31124 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2023-31124
2023-05-25 22:15:09
wolfi
wolfi
CVE-2023-31124 vulnerabilities
2024-07-01 09:08:36
openvas
openvas
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2828)
2023-09-20 00:00:00
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3049)
2023-10-31 00:00:00
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3066)
2023-10-31 00:00:00
redos
redos
ROS-20240404-02
2024-04-04 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-08-30 14:40:17
almalinux
almalinux
Important: nodejs:18 security update
2023-06-14 00:00:00
Important: nodejs:16 security update
2023-07-12 00:00:00
Important: nodejs security update
2023-06-14 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: c-ares-1.19.1-1.fc37
2023-05-28 02:57:44
[SECURITY] Fedora 38 Update: c-ares-1.19.1-1.fc38
2023-05-26 01:52:50
redhat
redhat
(RHSA-2023:4034) Important: nodejs:16 security update
2023-07-12 07:52:13
(RHSA-2023:4039) Important: rh-nodejs14-nodejs security update
2023-07-12 07:59:32
(RHSA-2023:3586) Important: nodejs security update
2023-06-14 07:57:52
oraclelinux
oraclelinux
18 security update
2023-06-15 00:00:00
nodejs security update
2023-06-15 00:00:00
nodejs:16 security update
2023-07-19 00:00:00
gentoo
gentoo
c-ares: Multiple Vulnerabilities
2023-10-08 00:00:00
rocky
rocky
nodejs:16 security update
2023-08-31 16:54:34
nodejs:18 security update
2023-06-24 18:53:41
nodejs:18 security update
2023-08-31 16:54:34
slackware
slackware
[slackware-security] c-ares
2023-05-22 19:09:04
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0084
2023-08-30 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0015
2023-05-29 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0649
2023-09-14 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47