Oval Definition:	oval:org.opensuse.security:def:202331130
Revision Date: 2023-06-22 Version: 1 Title: CVE-2023-31130 Description: c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2023-31130 SUSE CVE-2023-31130 SUSE-CU-2023:1678-1 SUSE-CU-2023:1679-1 SUSE-IU-2023:337-1 SUSE-IU-2023:338-1 SUSE-IU-2023:347-1 SUSE-IU-2023:348-1 SUSE-IU-2023:349-1 SUSE-SU-2023:2313-1 SUSE-SU-2023:2477-1 Platform(s): SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP5 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND Package Information c-ares-devel-1.19.1-150000.3.23.1 is installed OR libcares2-1.19.1-150000.3.23.1 is installed
BACK