What the vulnerability does

01 Description

A flaw was found in the c-ares package. The ares_set_sortlist function does not check the validity of its input string, which allows a possible arbitrary-length stack overflow. This issue may cause a denial of service or have a limited impact on confidentiality and integrity.
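The class of check the description says is missing, shown as an added example (a simplified sketch, not c-ares source code): a sortlist-style string is split into address and mask tokens, and each token's length is tested before it is copied into a fixed-size stack buffer. The function names, return codes, the 16-byte buffer size, and the space- or semicolon-separated `address/mask` format are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

#define ADDR_BUF 16  /* assumed fixed stack buffer size for one token */

/* Return codes for this sketch (hypothetical, not c-ares constants). */
enum { SORT_OK = 0, SORT_EBADSTR = -1 };

/* Copy the token [start, end) into a fixed buffer, refusing anything that
 * does not fit. Without the length test, the memcpy length is whatever the
 * caller-supplied string dictates, which is a stack overflow. */
static int copy_token(char *dst, size_t dstlen,
                      const char *start, const char *end)
{
    size_t n = (size_t)(end - start);
    if (n == 0 || n >= dstlen)   /* empty, or no room for the terminator */
        return SORT_EBADSTR;
    memcpy(dst, start, n);
    dst[n] = '\0';
    return SORT_OK;
}

/* Walk the string, count its entries, and reject the whole string if any
 * address or mask token is empty or too long for its buffer. */
int validate_sortlist(const char *s, int *count)
{
    char addr[ADDR_BUF], mask[ADDR_BUF];
    *count = 0;
    while (*s) {
        while (*s == ' ' || *s == ';') s++;      /* skip separators */
        if (!*s) break;
        const char *q = s;
        while (*q && *q != '/' && *q != ' ' && *q != ';') q++;
        if (copy_token(addr, sizeof addr, s, q) != SORT_OK)
            return SORT_EBADSTR;
        if (*q == '/') {                         /* optional mask part */
            const char *m = ++q;
            while (*q && *q != ' ' && *q != ';') q++;
            if (copy_token(mask, sizeof mask, m, q) != SORT_OK)
                return SORT_EBADSTR;
        }
        (*count)++;
        s = q;
    }
    return SORT_OK;
}
```

Rejecting the whole string on the first oversized token keeps the caller from acting on a partially parsed sortlist.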

Key dates

02 Disclosure timeline

March 6, 2023: CVE published
December 2, 2025: Record updated