Arch Linux Security Advisory ASA-202011-18
Date : 2020-11-19
CVE-ID : CVE-2020-8277
Package : c-ares
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-1280
The package c-ares
before version 1.17.1-1 is vulnerable to denial of
Upgrade to 1.17.1-1.
# pacman -Syu "c-ares
The problem has been fixed upstream in version 1.17.1.
A application that allows an attacker to trigger a DNS request for a
host of their choice could trigger a Denial of Service by getting the
application to resolve a DNS record with a larger number of responses.
An remote malicious attacker might be able to crash the application
with a crafted DNS response.