CVE-2020-14354 - OpenCVE

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
C-ares	C-ares
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:c-ares:c-ares:1.16.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1866838
https://c-ares.haxx.se/changelog.html
https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
https://nvd.nist.gov/vuln/detail/CVE-2020-14354
https://packetstormsecurity.com/files/158755/GS20200804145053.txt
https://www.cve.org/CVERecord?id=CVE-2020-14354

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-05-13T13:38:56

Updated: 2024-08-04T12:39:36.541Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14354

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-13T14:15:17.503

Modified: 2023-11-07T03:17:10.400

Link: CVE-2020-14354

Redhat

Severity : Moderate

Publid Date: 2020-08-02T00:00:00Z

Links: CVE-2020-14354 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "c-ares", "vendor": "n/a", "versions": [{"status": "affected", "version": "c-ares 1.16.1"}]}], "descriptions": [{"lang": "en", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120->CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-13T13:39:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2020-43d5a372fc", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, {"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://c-ares.haxx.se/changelog.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14354", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "c-ares", "version": {"version_data": [{"version_value": "c-ares 1.16.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120->CWE-416"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2020-43d5a372fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, {"name": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}, {"name": "https://c-ares.haxx.se/changelog.html", "refsource": "MISC", "url": "https://c-ares.haxx.se/changelog.html"}, {"name": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e", "refsource": "MISC", "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.541Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2020-43d5a372fc", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://c-ares.haxx.se/changelog.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14354", "datePublished": "2021-05-13T13:38:56", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.541Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:c-ares:c-ares:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "59640538-D3DC-457C-B042-5D2B8F445A46", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability."}, {"lang": "es", "value": "Un posible uso de la memoria previamente liberada y una doble liberaci\u00f3n en c-ares lib versi\u00f3n 1.16.0, si la funci\u00f3n ares_destroy() es llamado antes de completar la funci\u00f3n ares_getaddrinfo(). Este fallo posiblemente permite a un atacante bloquear el servicio que usa c-ares lib. La mayor amenaza de esta vulnerabilidad es la disponibilidad de este servicio"}], "id": "CVE-2020-14354", "lastModified": "2023-11-07T03:17:10.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-13T14:15:17.503", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://c-ares.haxx.se/changelog.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}, {"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) for reporting this issue.", "bugzilla": {"description": "c-ares: ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free", "id": "1866838", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-120->CWE-416", "details": ["A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability."], "mitigation": {"lang": "en:us", "value": "If calling wait_ares(channel) before ares_destroy() in the service that uses c-ares, then this should prevent this bug."}, "name": "CVE-2020-14354", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "c-ares", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "c-ares", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "c-ares", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "c-ares", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs10-nodejs", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs12-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2020-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14354\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14354\nhttps://c-ares.haxx.se/changelog.html\nhttps://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e\nhttps://packetstormsecurity.com/files/158755/GS20200804145053.txt"], "statement": "This flaw is rated as a having Moderate impact, because it can happen only during close of the service (or when handling ARES_ECONNREFUSED). The Red Hat Enterprise Linux not affected (all versions), because the version of c-ares being used is 1.13.0, and the bug introduced in 1.16.0 (and then fixed in 1.16.1).", "threat_severity": "Moderate", "upstream_fix": "c-ares 1.16.1"}