|Number of vulnerabilities||1|
|CVE ID|| CVE-2020-8277
|CWE ID|| CWE-399
|Public exploit||Public exploit code for vulnerability #1 is available.|
Operating systems & Components / Operating system
This security advisory describes one medium risk vulnerability.
Exploit availability: Yes [Search exploit]Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing a large number of DNS responses. A Node.js application that allows an attacker to trigger a DNS request
for a host of their choice could trigger a denial of service condition.
Update the affected package c-ares to version 1.17.1-1.Vulnerable software versions
Arch Linux: All versionsCPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.