Vulnerabilities (CVE)

Filtered by vendor C-ares Subscribe
Filtered by product C-ares
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14354 2 C-ares, Fedoraproject 2 C-ares, Fedora 2024-11-21 2.1 LOW 3.3 LOW
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
CVE-2017-1000381 3 C-ares, C-ares Project, Nodejs 3 C-ares, C-ares, Node.js 2024-11-21 5.0 MEDIUM 7.5 HIGH
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
CVE-2016-5180 5 C-ares, C-ares Project, Canonical and 2 more 5 C-ares, C-ares, Ubuntu Linux and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
CVE-2020-22217 2 C-ares, Debian 2 C-ares, Debian Linux 2024-02-28 N/A 5.9 MEDIUM
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.