Filtered by vendor C-ares
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-22217 | 2 C-ares, Debian | 2 C-ares, Debian Linux | 2024-02-28 | N/A | 5.9 MEDIUM |
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | |||||
CVE-2020-14354 | 2 C-ares, Fedoraproject | 2 C-ares, Fedora | 2024-02-28 | 2.1 LOW | 3.3 LOW |
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. | |||||
CVE-2017-1000381 | 3 C-ares, C-ares Project, Nodejs | 3 C-ares, C-ares, Node.js | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | |||||
CVE-2016-5180 | 5 C-ares, C-ares Project, Canonical and 2 more | 5 C-ares, C-ares, Ubuntu Linux and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. |