FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-pycares -- domain hijacking vulnerability

Affected packages
py39-pycares < 4.2.0

Details

VuXML ID: 43e9ffd4-d6e0-11ed-956f-7054d21a9e2a
Discovery: 2021-06-11
Entry: 2023-04-09

Philipp Jeitner and Haya Shulman report:

A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking.

The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

References

CVE Name: CVE-2021-3672
URL: https://osv.dev/vulnerability/GHSA-c58j-88f5-h53f