CVE-2023-31130

Updated: 2026-02-27 02:18:38.944099

Description:

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses; in particular, "0::00:00:00/2" was found to cause an issue. c-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Severity        | Score      |
|-----------------|------------|
| CVSS Version 2.x | 0.0       |
| CVSS Version 3.x | MEDIUM 6.4 |

Status

| OS name          | Project name | Version | Score | Severity | Status        | Errata                | Last updated        | Statement                    |
|------------------|--------------|---------|-------|----------|---------------|-----------------------|---------------------|------------------------------|
| AlmaLinux 9.2 ESU | c-ares      | 1.17.1  | 6.4   | MEDIUM   | Released      | CLSA-2025:1744721593  | 2025-04-16 04:33:22 |                              |
| AlmaLinux 9.2 ESU | nodejs      | 16.20.2 | 6.4   | MEDIUM   | Already Fixed |                       | 2025-08-28 00:57:17 |                              |
| CentOS 7 ELS     | c-ares       | 1.10.0  | 6.4   | MEDIUM   | Ignored       |                       | 2024-07-12 05:05:41 | Ignored due to low severity  |