Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-4904

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. (CVE-2022-4904)

Source

ALAS-2023-1780

Amazon Linux AMI Security Advisory: ALAS-2023-1780
Advisory Release Date: 2023-07-05 21:44 Pacific
Advisory Updated Date: 2023-07-19 21:50 Pacific

Severity: Medium

References: CVE-2022-4904
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. (CVE-2022-4904)

Affected Packages:

c-ares

Issue Correction:
Run yum update c-ares to update your system.

New Packages:

i686:
    c-ares-debuginfo-1.17.2-1.10.amzn1.i686
    c-ares-1.17.2-1.10.amzn1.i686
    c-ares-devel-1.17.2-1.10.amzn1.i686

src:
    c-ares-1.17.2-1.10.amzn1.src

x86_64:
    c-ares-1.17.2-1.10.amzn1.x86_64
    c-ares-debuginfo-1.17.2-1.10.amzn1.x86_64
    c-ares-devel-1.17.2-1.10.amzn1.x86_64

Additional References

Red Hat: CVE-2022-4904

Mitre: CVE-2022-4904

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2023-1780

ALAS-2023-1780

Additional References

Vulmon Search

About

Products

Connect