CVE-2020-14354 - OpenCVE

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Fedoraproject	Fedora
C-ares	C-ares

Configuration 1 [-]

cpe:2.3:a:c-ares:c-ares:1.16.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1866838	Exploit Issue Tracking Patch Third Party Advisory
https://c-ares.haxx.se/changelog.html	Release Notes Vendor Advisory
https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
https://packetstormsecurity.com/files/158755/GS20200804145053.txt	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-05-13T13:38:56

Updated: 2021-05-13T13:39:35

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14354

JSON object: View

NVD Information

Status : Modified

Published: 2021-05-13T14:15:17.503

Modified: 2023-11-07T03:17:10.400

Link: CVE-2020-14354

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "c-ares", "vendor": "n/a", "versions": [{"status": "affected", "version": "c-ares 1.16.1"}]}], "descriptions": [{"lang": "en", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120->CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-13T13:39:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2020-43d5a372fc", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, {"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://c-ares.haxx.se/changelog.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14354", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "c-ares", "version": {"version_data": [{"version_value": "c-ares 1.16.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120->CWE-416"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2020-43d5a372fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, {"name": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}, {"name": "https://c-ares.haxx.se/changelog.html", "refsource": "MISC", "url": "https://c-ares.haxx.se/changelog.html"}, {"name": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e", "refsource": "MISC", "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14354", "datePublished": "2021-05-13T13:38:56", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2021-05-13T13:39:35", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:c-ares:c-ares:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "59640538-D3DC-457C-B042-5D2B8F445A46", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability."}, {"lang": "es", "value": "Un posible uso de la memoria previamente liberada y una doble liberaci\u00f3n en c-ares lib versi\u00f3n 1.16.0, si la funci\u00f3n ares_destroy() es llamado antes de completar la funci\u00f3n ares_getaddrinfo(). Este fallo posiblemente permite a un atacante bloquear el servicio que usa c-ares lib. La mayor amenaza de esta vulnerabilidad es la disponibilidad de este servicio"}], "id": "CVE-2020-14354", "lastModified": "2023-11-07T03:17:10.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-13T14:15:17.503", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://c-ares.haxx.se/changelog.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}, {"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "secalert@redhat.com", "type": "Secondary"}]}