{"api_version":"1","generated_at":"2026-04-22T23:31:10+00:00","cve":"CVE-2023-32067","urls":{"html":"https://cve.report/CVE-2023-32067","api":"https://cve.report/api/cve/CVE-2023-32067.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-32067","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-32067"},"summary":{"title":"CVE-2023-32067","description":"c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-05-25 23:15:00","updated_at":"2023-10-31 16:06:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc","name":"https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc","refsource":"MISC","tags":[],"title":"0-byte UDP payload Denial of Service · Advisory · c-ares/c-ares · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: c-ares-1.19.1-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1","name":"https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1","refsource":"MISC","tags":[],"title":"Release 1.19.1 · c-ares/c-ares · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3471-1] c-ares security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202310-09","name":"https://security.gentoo.org/glsa/202310-09","refsource":"MISC","tags":[],"title":"c-ares: Multiple Vulnerabilities (GLSA 202310-09) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5419","name":"https://www.debian.org/security/2023/dsa-5419","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5419-1 c-ares","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: c-ares-1.19.1-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-32067","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32067","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"32067","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"c-ares_project","cpe5":"c-ares","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"32067","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"32067","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"32067","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"32067","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-32067","qid":"160727","title":"Oracle Enterprise Linux Security Update for c-ares (ELSA-2023-3559)"},{"cve":"CVE-2023-32067","qid":"160732","title":"Oracle Enterprise Linux Security Update for nodejs (ELSA-2023-3586)"},{"cve":"CVE-2023-32067","qid":"160734","title":"Oracle Enterprise Linux Security Update for c-ares (ELSA-2023-3584)"},{"cve":"CVE-2023-32067","qid":"160740","title":"Oracle Enterprise Linux Security Update for 18 (ELSA-2023-3577)"},{"cve":"CVE-2023-32067","qid":"160749","title":"Oracle Enterprise Linux Security Update for c-ares (ELSA-2023-3741)"},{"cve":"CVE-2023-32067","qid":"160788","title":"Oracle Enterprise Linux Security Update for nodejs:16 (ELSA-2023-4034)"},{"cve":"CVE-2023-32067","qid":"160794","title":"Oracle Enterprise Linux Security Update for nodejs:18 (ELSA-2023-4035)"},{"cve":"CVE-2023-32067","qid":"181829","title":"Debian Security Update for c-ares (DSA 5419-1)"},{"cve":"CVE-2023-32067","qid":"183112","title":"Debian Security Update for c-ares (CVE-2023-32067)"},{"cve":"CVE-2023-32067","qid":"199418","title":"Ubuntu Security Notification for c-ares Vulnerabilities (USN-6164-1)"},{"cve":"CVE-2023-32067","qid":"241698","title":"Red Hat Update for c-ares (RHSA-2023:3559)"},{"cve":"CVE-2023-32067","qid":"241702","title":"Red Hat Update for nodejs:18 (RHSA-2023:3577)"},{"cve":"CVE-2023-32067","qid":"241710","title":"Red Hat Update for c-ares (RHSA-2023:3584)"},{"cve":"CVE-2023-32067","qid":"241717","title":"Red Hat Update for c-ares (RHSA-2023:3583)"},{"cve":"CVE-2023-32067","qid":"241724","title":"Red Hat Update for nodejs (RHSA-2023:3586)"},{"cve":"CVE-2023-32067","qid":"241728","title":"Red Hat Update for c-ares (RHSA-2023:3665)"},{"cve":"CVE-2023-32067","qid":"241729","title":"Red Hat Update for c-ares (RHSA-2023:3660)"},{"cve":"CVE-2023-32067","qid":"241730","title":"Red Hat Update for c-ares (RHSA-2023:3662)"},{"cve":"CVE-2023-32067","qid":"241731","title":"Red Hat Update for c-ares (RHSA-2023:3677)"},{"cve":"CVE-2023-32067","qid":"241735","title":"Red Hat Update for c-ares (RHSA-2023:3741)"},{"cve":"CVE-2023-32067","qid":"241786","title":"Red Hat Update for rh-nodejs14-nodejs (RHSA-2023:4039)"},{"cve":"CVE-2023-32067","qid":"241787","title":"Red Hat Update for nodejs (RHSA-2023:4036)"},{"cve":"CVE-2023-32067","qid":"241788","title":"Red Hat Update for nodejs:18 (RHSA-2023:4035)"},{"cve":"CVE-2023-32067","qid":"241790","title":"Red Hat Update for nodejs:16 (RHSA-2023:4033)"},{"cve":"CVE-2023-32067","qid":"241792","title":"Red Hat Update for nodejs:16 (RHSA-2023:4034)"},{"cve":"CVE-2023-32067","qid":"257242","title":"CentOS Security Update for c-ares (CESA-2023:3741)"},{"cve":"CVE-2023-32067","qid":"284001","title":"Fedora Security Update for c (FEDORA-2023-ae97529c00)"},{"cve":"CVE-2023-32067","qid":"284101","title":"Fedora Security Update for c (FEDORA-2023-520848815b)"},{"cve":"CVE-2023-32067","qid":"355414","title":"Amazon Linux Security Advisory for c-ares : ALAS2023-2023-198"},{"cve":"CVE-2023-32067","qid":"355556","title":"Amazon Linux Security Advisory for c-ares : ALAS-2023-1770"},{"cve":"CVE-2023-32067","qid":"355588","title":"Amazon Linux Security Advisory for c-ares : ALAS2-2023-2127"},{"cve":"CVE-2023-32067","qid":"356117","title":"Amazon Linux Security Advisory for ecs-service-connect-agent : ALAS2023-2023-344"},{"cve":"CVE-2023-32067","qid":"356246","title":"Amazon Linux Security Advisory for ecs-service-connect-agent : ALASECS-2023-007"},{"cve":"CVE-2023-32067","qid":"356347","title":"Amazon Linux Security Advisory for c-ares : AL2012-2023-450"},{"cve":"CVE-2023-32067","qid":"356504","title":"Amazon Linux Security Advisory for ecs-service-connect-agent : ALAS2ECS-2023-007"},{"cve":"CVE-2023-32067","qid":"378619","title":"Alibaba Cloud Linux Security Update for c-ares (ALINUX2-SA-2023:0028)"},{"cve":"CVE-2023-32067","qid":"378623","title":"Alibaba Cloud Linux Security Update for c-ares (ALINUX3-SA-2023:0052)"},{"cve":"CVE-2023-32067","qid":"378787","title":"F5 BIG-IP Denial of Service (DoS) Vulnerability (K000135831)"},{"cve":"CVE-2023-32067","qid":"6000134","title":"Debian Security Update for c-ares (DLA 3471-1)"},{"cve":"CVE-2023-32067","qid":"673217","title":"EulerOS Security Update for c-ares (EulerOS-SA-2023-2348)"},{"cve":"CVE-2023-32067","qid":"673242","title":"EulerOS Security Update for c-ares (EulerOS-SA-2023-2374)"},{"cve":"CVE-2023-32067","qid":"673270","title":"EulerOS Security Update for c-ares (EulerOS-SA-2023-2575)"},{"cve":"CVE-2023-32067","qid":"673319","title":"EulerOS Security Update for c-ares (EulerOS-SA-2023-2605)"},{"cve":"CVE-2023-32067","qid":"673368","title":"EulerOS Security Update for c-ares (EulerOS-SA-2023-2634)"},{"cve":"CVE-2023-32067","qid":"673401","title":"EulerOS Security Update for c-ares (EulerOS-SA-2023-2676)"},{"cve":"CVE-2023-32067","qid":"673706","title":"EulerOS Security Update for c-ares (EulerOS-SA-2023-3115)"},{"cve":"CVE-2023-32067","qid":"710769","title":"Gentoo Linux c-ares Multiple Vulnerabilities (GLSA 202310-09)"},{"cve":"CVE-2023-32067","qid":"754046","title":"SUSE Enterprise Linux Security Update for c-ares (SUSE-SU-2023:2313-1)"},{"cve":"CVE-2023-32067","qid":"754083","title":"SUSE Enterprise Linux Security Update for libcares2 (SUSE-SU-2023:2477-1)"},{"cve":"CVE-2023-32067","qid":"754181","title":"SUSE Enterprise Linux Security Update for nodejs16 (SUSE-SU-2023:2861-1)"},{"cve":"CVE-2023-32067","qid":"906996","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for c-ares (26913-1)"},{"cve":"CVE-2023-32067","qid":"907015","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for c-ares (26891-1)"},{"cve":"CVE-2023-32067","qid":"907109","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (26937-1)"},{"cve":"CVE-2023-32067","qid":"907282","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs18 (26939-1)"},{"cve":"CVE-2023-32067","qid":"907567","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for fluent-bit (26918-1)"},{"cve":"CVE-2023-32067","qid":"907724","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python-gevent (26942-1)"},{"cve":"CVE-2023-32067","qid":"941134","title":"AlmaLinux Security Update for c-ares (ALSA-2023:3559)"},{"cve":"CVE-2023-32067","qid":"941140","title":"AlmaLinux Security Update for c-ares (ALSA-2023:3584)"},{"cve":"CVE-2023-32067","qid":"941145","title":"AlmaLinux Security Update for nodejs (ALSA-2023:3586)"},{"cve":"CVE-2023-32067","qid":"941153","title":"AlmaLinux Security Update for nodejs:18 (ALSA-2023:3577)"},{"cve":"CVE-2023-32067","qid":"941168","title":"AlmaLinux Security Update for nodejs:16 (ALSA-2023:4034)"},{"cve":"CVE-2023-32067","qid":"941169","title":"AlmaLinux Security Update for nodejs:18 (ALSA-2023:4035)"},{"cve":"CVE-2023-32067","qid":"960941","title":"Rocky Linux Security Update for c-ares (RLSA-2023:3559)"},{"cve":"CVE-2023-32067","qid":"960945","title":"Rocky Linux Security Update for nodejs:18 (RLSA-2023:3577)"},{"cve":"CVE-2023-32067","qid":"960949","title":"Rocky Linux Security Update for c-ares (RLSA-2023:3584)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-32067","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400: Uncontrolled Resource Consumption","cweId":"CWE-400"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"c-ares","product":{"product_data":[{"product_name":"c-ares","version":{"version_data":[{"version_affected":"=","version_value":"< 1.19.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc","refsource":"MISC","name":"https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc"},{"url":"https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1","refsource":"MISC","name":"https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/"},{"url":"https://www.debian.org/security/2023/dsa-5419","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5419"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html"},{"url":"https://security.gentoo.org/glsa/202310-09","refsource":"MISC","name":"https://security.gentoo.org/glsa/202310-09"}]},"source":{"advisory":"GHSA-9g78-jv2r-p7vc","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-05-25 23:15:00","lastModifiedDate":"2023-10-31 16:06:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}