TEMP-0000000-191FEB

NameTEMP-0000000-191FEB
DescriptionGHSA-pjmc-gx33-gc76: CPU-exhaustion denial of service via unbounded DNS name compression pointer chains
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
c-ares (PTS)bullseye (security), bullseye1.17.1-1+deb11u3vulnerable
bookworm1.18.1-3vulnerable
trixie (security), trixie1.34.5-1+deb13u1vulnerable
forky1.34.6-1vulnerable
sid1.34.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
c-aressource(unstable)1.34.7-1

Notes

https://www.openwall.com/lists/oss-security/2026/07/06/8
https://github.com/c-ares/c-ares/security/advisories/GHSA-pjmc-gx33-gc76
Fixed by: https://github.com/c-ares/c-ares/commit/f1288bbc70e9a1e0a77134c2382157e52d326aea (main)
Fixed by: https://github.com/c-ares/c-ares/commit/5c8341ba6ff3a8e4e4dfd616f8ed0418838b8b7b (v1.34.7)

Search for package or bug name: Reporting problems