CVE-2022-4904

Improper Input Validation in conan/c-ares

Identifiers

CVE-2022-4904

Package Slug

conan/c-ares

Vulnerability

Improper Input Validation

Description

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

Affected Versions

All versions before 1.19.0

Solution

Upgrade to version 1.19.0 or above.

Last Modified

2023-03-15

source