CVE-2023-31130 Information

Description

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses in particular �::00:00:00/2\ was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

Reference

https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v