How severe is CVE-2023-31130?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2023-31130?

This is classified as CWE-124, which is a common weakness in software security.

CVE-2023-31130 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.

Related Vulnerabilities

CVE-2018-5388

MEDIUM

CVSS:6.5(Medium)

In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

CWE-1242018

CVE-2023-34351

HIGH

CVSS:7.5(High)

Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.

CWE-1242023

CVE-2021-36064

HIGH

CVSS:7.8(High)

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue r...

CWE-1242021

CVE-2022-33896

HIGH

CVSS:7.8(High)

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by usin...

CWE-1242022

CVE-2024-52990

HIGH

CVSS:7.8(High)

Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite ('Buffer Underflow') vulnerability that could result in arbitrary code execution in the context of the current user. An ...

CWE-1242024

CVE-2025-4373

MEDIUM

CVSS:4.8(Medium)

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow,...

CWE-1242025