FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-pycares -- domain hijacking vulnerability

Affected packages
py39-pycares < 4.2.0


VuXML ID 43e9ffd4-d6e0-11ed-956f-7054d21a9e2a
Discovery 2021-06-11
Entry 2023-04-09

Philipp Jeitner and Haya Shulman report:

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking.

The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.


CVE Name CVE-2021-3672