CVE-2023-31130— Buffer Underwrite in ares_inet_net_pton()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-31130
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer Underwrite in ares_inet_net_pton()
Source: NVD (National Vulnerability Database)
Vulnerability Description
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区下溢
Source: NVD (National Vulnerability Database)
Vulnerability Title
c-ares 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
c-ares是c-ares个人开发者的一个用于异步 DNS 请求的 C 库。 c-ares 1.19.1之前版本存在安全漏洞,该漏洞源于存在缓冲区下溢。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-31130
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-31130
请登录查看更多情报信息。
- https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1x_refsource_MISC
- https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6vx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-31130
Same Patch Batch · c-ares · 2023-05-25 · 4 CVEs total
| CVE-2023-32067 | 7.5 HIGH | 0-byte UDP payload DoS in c-ares |
| CVE-2023-31147 | 5.9 MEDIUM | Insufficient randomness in generation of DNS query IDs in c-ares |
| CVE-2023-31124 | 3.7 LOW | AutoTools does not set CARES_RANDOM_FILE during cross compilation |
IV. Related Vulnerabilities
Same product: c-ares
- CVE-2025-62408
c-ares has a Use After Free vulnerability when connection is - CVE-2025-31498
c-ares has a use-after-free in read_answers() - CVE-2024-25629
c-ares out of bounds read in ares__read_line() - CVE-2023-32067
0-byte UDP payload DoS in c-ares - CVE-2023-31147
Insufficient randomness in generation of DNS query IDs in c-
Same vendor: c-ares
- CVE-2025-62408
c-ares has a Use After Free vulnerability when connection is - CVE-2025-31498
c-ares has a use-after-free in read_answers() - CVE-2024-25629
c-ares out of bounds read in ares__read_line() - CVE-2023-32067
0-byte UDP payload DoS in c-ares - CVE-2023-31147
Insufficient randomness in generation of DNS query IDs in c-
Same weakness: CWE-124
- CVE-2026-5089
YAML::Syck versions before 1.38 for Perl has an out-of-bound - CVE-2026-41499
Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in p - CVE-2026-26204
Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertDat - CVE-2026-0966
Libssh: libssh: denial of service via zero-length input in s - CVE-2026-20104
Cisco多款产品 安全漏洞
V. Comments for CVE-2023-31130
No comments yet