c-ares before 1.17.2 has missing input validation.

```
Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking).

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2021-3672 to this issue.
```

From: https://c-ares.haxx.se/adv_20210810.html

Thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c06fd172f1183f13dd6802abd5c3585987f4bc86

commit c06fd172f1183f13dd6802abd5c3585987f4bc86
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-08-10 23:45:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-08-10 23:45:18 +0000

    net-dns/c-ares: add 1.17.2

    Now with tests.

    Bug: https://bugs.gentoo.org/807604
    Signed-off-by: Sam James <sam@gentoo.org>

 net-dns/c-ares/Manifest             |  1 +
 net-dns/c-ares/c-ares-1.17.2.ebuild | 49 +++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c2152e9dc06608bf6a50d3bdd22ee8bd8bf222ce

commit c2152e9dc06608bf6a50d3bdd22ee8bd8bf222ce
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-05 09:27:33 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-05 09:28:02 +0000

    [ GLSA 202401-02 ] c-ares: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/807604
    Bug: https://bugs.gentoo.org/807775
    Bug: https://bugs.gentoo.org/892489
    Bug: https://bugs.gentoo.org/905341
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-02.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)