AZL-34578 CVE-2024-25629 affecting package c-ares for versions less than 1.30.0-1

🗓️ 23 Feb 2024 15:15:09Reported by GoogleType

osv🔗 osv.dev👁 2 Views

C-ares vulnerability where leading NULL in config lines can crash memory; affected versions below 1.30.0-1; fixed in 1.27.0.

Reporter	Title	Published	Views	Family All 264
FreeBSD	dns/c-ares -- malformatted file causes application crash	23 Feb 202400:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities	4 Feb 202520:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	18 Sep 202410:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities	17 Sep 202513:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares	4 Dec 202513:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	3 Jun 202410:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Buffer Under-read in the RHEL UBI (CVE-2024-25629)	5 Aug 202420:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	12 Aug 202422:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to C-ares (CVE-2024-25629)	9 May 202412:34	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-562)	21 Mar 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-25629

21 Apr 2026 04:27Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.15.5

EPSS0.00055