6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.9%
Software: c-ares 1.13.0
OS: ROSA Virtualization 2.1
package_evr_string: c-ares-1.13.0-5.rv3.src.rpm
CVE-ID: CVE-2021-3672
BDU-ID: 2022-00342
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the SI library for DNS c-ares asynchronous queries is associated with failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update c-ares command
CVE-ID: CVE-2022-4904
BDU-ID: 2023-01258
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ares_set_sortlist function of the c-ares asynchronous DNS query library is related to the lack of input string validation, allowing a possible stack overflow of arbitrary length. Exploitation of the vulnerability could allow an attacker to cause a denial of service or have limited impact on confidentiality and integrity
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update c-ares command
CVE-ID: CVE-2023-32067
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: c-ares is an asynchronous converter library. c-ares is vulnerable to denial of service. If the target inverter sends a request, the attacker forges a garbled UDP packet of length 0 and returns it to the target inverter. The target converter mistakenly interprets length 0 as a valid connection termination.
CVE-STATUS: Fixed
CVE-REV: Run the yum update c-ares command to close.
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.9%