Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 906964 (CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067) - <net-dns/c-ares-1.19.1: Multiple vulnerabilities
Summary: <net-dns/c-ares-1.19.1: Multiple vulnerabilities
Alias: CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa? cleanup]
Depends on: 908618
  Show dependency tree
Reported: 2023-05-23 03:38 UTC by Sam James
Modified: 2023-08-19 05:44 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-23 03:38:58 UTC
From (with CVE links added):
 c-ares version 1.19.1 - May 22 2023


    CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service (
    CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs (
    CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() (
    CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (
Comment 1 Larry the Git Cow gentoo-dev 2023-05-23 03:40:23 UTC
The bug has been referenced in the following commit(s):

commit e390c358ad849784b280deaa023250aebf5f7f1b
Author:     Sam James <>
AuthorDate: 2023-05-23 03:39:22 +0000
Commit:     Sam James <>
CommitDate: 2023-05-23 03:39:22 +0000

    net-dns/c-ares: add 1.19.1
    Signed-off-by: Sam James <>

 net-dns/c-ares/Manifest             |  2 ++
 net-dns/c-ares/c-ares-1.19.1.ebuild | 70 +++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)