TEMP-0000000-A8E7DE

NameTEMP-0000000-A8E7DE
DescriptionGHSA-jv8r-gqr9-68wj: Memory-amplification denial of service via unvalidated DNS header record counts
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
c-ares (PTS)bullseye (security), bullseye1.17.1-1+deb11u3vulnerable
bookworm1.18.1-3vulnerable
trixie (security), trixie1.34.5-1+deb13u1vulnerable
forky1.34.6-1vulnerable
sid1.34.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
c-aressource(unstable)1.34.7-1

Notes

https://www.openwall.com/lists/oss-security/2026/07/06/8
https://github.com/c-ares/c-ares/security/advisories/GHSA-jv8r-gqr9-68wj
Fixed by: https://github.com/c-ares/c-ares/commit/eaded4cb200b2a5f8d73f11021ff7c8d6968aaab (main)
Fixed by: https://github.com/c-ares/c-ares/commit/e47c203f91cd8b749c8736bc18d75a31ffdec8f4 (v1.34.7)

Search for package or bug name: Reporting problems