c-ares Vulnerable to Memory Corruption via Out-of-Bounds Read in ‘ares__read_line’ function
25431
27 February 2025
27 February 2025
CLOSED
MEDIUM
5.5 -- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2024-25629
|
Brocade Security Advisory ID |
BSA-2025-2706 |
|
Component |
c-ares |
|
|
|
Summary
c-ares is vulnerable to memory corruption due to improper parsing of local configuration files. This could allow a local attacker with access to such files to cause a denial-of-service (DoS), or potentially leverage to obtain sensitive information from memory.
Products Affected
Brocade ASCG before 3.2.0
Products Confirmed Not Affected
- Brocade Fabric OS
[Vex Status Code: Component_not_present] - Brocade SANnav
[VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]
Solution
Security update provided in Brocade ASCG 3.2.0
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
February 27, 2025 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.