rpm package
suse/c-ares&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2
pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3672 | — | < 1.17.1+20200724-3.14.1 | 1.17.1+20200724-3.14.1 | Nov 23, 2021 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality | ||
| CVE-2020-8277 | — | < 1.17.0-3.8.1 | 1.17.0-3.8.1 | Nov 19, 2020 | A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed i |
- CVE-2021-3672Nov 23, 2021affected < 1.17.1+20200724-3.14.1fixed 1.17.1+20200724-3.14.1
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality
- CVE-2020-8277Nov 19, 2020affected < 1.17.0-3.8.1fixed 1.17.0-3.8.1
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed i