PublicDateAtUSN: 2021-08-10 06:00:00 UTC
Candidate: CVE-2021-3672
CRD: 2021-08-10 06:00:00 UTC
PublicDate: 2021-11-23 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
 https://c-ares.haxx.se/adv_20210810.html
 https://ubuntu.com/security/notices/USN-5034-1
 https://ubuntu.com/security/notices/USN-5034-2
Description:
 A flaw was found in c-ares library, where a missing input validation check
 of host names returned by DNS (Domain Name Servers) can lead to output of
 wrong hostnames which might potentially lead to Domain Hijacking. The
 highest threat from this vulnerability is to confidentiality and integrity
 as well as system availability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Philipp Jeitner and Haya Shulman
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L [5.6 MEDIUM]

Patches_c-ares:
 upstream: https://github.com/c-ares/c-ares/commit/362f91d
 upstream: https://github.com/c-ares/c-ares/commit/44c009b
upstream_c-ares: released (1.17.2)
trusty_c-ares: ignored (out of standard support)
trusty/esm_c-ares: DNE
xenial_c-ares: ignored (out of standard support)
esm-infra/xenial_c-ares: released (1.10.0-3ubuntu0.2+esm1)
bionic_c-ares: released (1.14.0-1ubuntu0.1)
focal_c-ares: released (1.15.0-1ubuntu0.1)
hirsute_c-ares: released (1.17.1-1ubuntu0.1)
impish_c-ares: released (1.17.1-1ubuntu1)
jammy_c-ares: released (1.17.1-1ubuntu1)
devel_c-ares: released (1.17.1-1ubuntu1)