CLSA-2025-1744721593

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1744721593.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1744721593
Upstream
Published
2025-04-15T12:53:19Z
Modified
2026-06-01T00:30:41.926409675Z
Summary
c-ares: Fix of 4 CVEs
Details
  • CVE-2024-25629: fix invalid memory read issue in ares_readline()
  • CVE-2023-31130: fix buffer underflow in ares_inet_net_pton() for certain IPv6 addresses
  • CVE-2023-31147: fix use of weak random numbers in DNS query IDs by replacing rand() with a modern OS-provided CSPRNG like arc4random()
  • CVE-2023-31124: prevent fallback to rand() for entropy generation, which is not a CSPRNG and could allow an attacker to take advantage of the lack of entropy.
References

Affected packages

TuxCare:AlmaLinux:9.2 / c-ares

Package

Name
c-ares
Purl
pkg:rpm/tuxcare/c-ares?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17.1-5.el9_2.1.tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1744721593.json"

TuxCare:AlmaLinux:9.2 / c-ares-devel

Package

Name
c-ares-devel
Purl
pkg:rpm/tuxcare/c-ares-devel?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.17.1-5.el9_2.1.tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1744721593.json"