{"id":"CVE-2023-32067","summary":"0-byte UDP payload DoS in c-ares","details":"c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, an attacker can forge a malformed UDP packet with a length of 0 and return it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.","aliases":["GHSA-9g78-jv2r-p7vc"],"modified":"2026-04-02T08:30:46.208697Z","published":"2023-05-25T22:49:55.860Z","related":["ALSA-2023:3559","ALSA-2023:3577","ALSA-2023:3584","ALSA-2023:3586","ALSA-2023:4034","ALSA-2023:4035","CGA-g98h-m644-mg65","SUSE-SU-2023:2313-1","SUSE-SU-2023:2477-1","SUSE-SU-2023:2655-1","SUSE-SU-2023:2662-1","SUSE-SU-2023:2663-1","SUSE-SU-2023:2669-1","SUSE-SU-2023:2861-1","openSUSE-SU-2024:12951-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32067.json","cwe_ids":["CWE-400"]},"references":[{"type":"WEB","url":"https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32067.json"},{"type":"ADVISORY","url":"https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32067"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-09"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240605-0004/"},{"t
ype":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5419"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/c-ares/c-ares","events":[{"introduced":"0"},{"fixed":"6360e96b5cf8e5980c887ce58ef727e53d77243a"}]}],"versions":["c-ares-1_17_0","c-ares-1_2_0","cares-1_10_0","cares-1_11_0","cares-1_11_0-rc1","cares-1_12_0","cares-1_13_0","cares-1_14_0","cares-1_15_0","cares-1_16_0","cares-1_16_1","cares-1_17_1","cares-1_17_2","cares-1_18_0","cares-1_18_1","cares-1_19_0","cares-1_1_0","cares-1_2_1","cares-1_3_1","cares-1_3_2","cares-1_4_0","cares-1_5_0","cares-1_5_1","cares-1_5_2","cares-1_5_3","cares-1_6_0","cares-1_7_0","cares-1_7_1","cares-1_7_2","cares-1_7_3","cares-1_7_4","cares-1_7_5","cares-1_8_0","cares-1_9_0","cares-1_9_1","curl-7_10_8","curl-7_11_0","curl-7_11_1","curl-7_12_0","curl-7_12_1","curl-7_12_2","curl-7_13_0","curl-7_13_1","curl-7_13_2","curl-7_14_0","curl-7_14_1","curl-7_15_0","curl-7_15_1","curl-7_15_3","curl-7_15_4","curl-7_15_5","curl-7_15_6-prepipeline","curl-7_16_0","curl-7_16_1","curl-7_16_2","curl-7_16_3","curl-7_16_4","curl-7_17_0","curl-7_17_1","curl-7_18_0","curl-7_18_1","curl-7_18_2","curl-7_19_0","curl-7_19_2","curl-7_19_3","curl-7_19_4","curl-7_19_5","curl-7_19_6","curl-7_19_7","curl-7_20_0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32067.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}