Unrated severityNVD Advisory· Published Mar 6, 2023· Updated Dec 2, 2025
CVE-2022-4904
CVE-2022-4904
Description
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Affected products
38- c-ares/c-aresdescription
- osv-coords37 versionspkg:rpm/almalinux/c-arespkg:rpm/almalinux/c-ares-develpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-libspkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/nodejs-packaging-bundlerpkg:rpm/almalinux/npmpkg:rpm/opensuse/c-ares&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/c-ares&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/c-ares&distro=openSUSE%20Tumbleweedpkg:rpm/suse/c-ares&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/c-ares&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/c-ares&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/c-ares&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 1.19.1-1.el9+ 36 more
- (no CPE)range: < 1.19.1-1.el9
- (no CPE)range: < 1.19.1-1.el9
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1:16.19.1-1.el9_2
- (no CPE)range: < 2.0.20-3.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 25-1.module_el8.5.0+2605+45d748af
- (no CPE)range: < 2021.06-4.module_el9.1.0+13+d9a595ea
- (no CPE)range: < 1:8.19.3-1.16.19.1.1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-2.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.19.0-150000.3.20.1
- (no CPE)range: < 1.9.1-9.15.1
- (no CPE)range: < 1.9.1-9.15.1
- (no CPE)range: < 1.9.1-9.15.1
- (no CPE)range: < 1.9.1-9.15.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.