c-ares Vulnerable to Memory Corruption via Out-of-Bounds Read in ‘ares__read_line’ function

🗓️ 27 Feb 2025 00:00:00Reported by Broadcom Security ResponseType

c-ares memory corruption from out-of-bounds read in ares__read_line via local configuration files, causing denial of service or memory leak.

Reporter	Title	Published	Views	Family All 263
FreeBSD	dns/c-ares -- malformatted file causes application crash	23 Feb 202400:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities	4 Feb 202520:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	18 Sep 202410:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities	17 Sep 202513:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares	4 Dec 202513:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	3 Jun 202410:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Buffer Under-read in the RHEL UBI (CVE-2024-25629)	5 Aug 202420:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	12 Aug 202422:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to C-ares (CVE-2024-25629)	9 May 202412:34	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-562)	21 Mar 202400:00	–	nessus