cve 2022 4904

CVE-2022-4904 is a stack-overflow vulnerability in the c-ares asynchronous DNS library, fixed in version 1.19.0. The bug occurs during sortlist parsing, allowing unbounded input to overflow a local stack buffer, leading to denial of service and limited confidentiality/integrity exposure. Major distributions have backported the fix, but the operational risk depends on how individual applications build and use the library. This tag covers discussions about the vulnerability, its impact, and remediation steps for systems using c-ares.