19 matches found

Snyk
added 2026/04/08 12:18 a.m. | 1 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...

CVSS 8.2 | AI score 5.4
Exploits: 0 | References: 2

Debian
added 2025/12/18 1:49 p.m. | 5 views

[SECURITY] [DSA 6084-1] c-ares security update

Debian Security Advisory DSA-6084-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 18, 2025 https://www.debian.org/security/faq ...

CVSS 5.9 | AI score 6.8 | EPSS 0.00023
Exploits: 0

Tenable Nessus
added 2025/12/12 12:0 a.m. | 4 views

FreeBSD : c-ares -- Use After Free (1adf9ece-d4a3-11f0-83a2-843a4b343614)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1adf9ece-d4a3-11f0-83a2-843a4b343614 advisory. https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports: c-ares is an...

CVSS 5.9 | AI score 5.5 | EPSS 0.00023
Exploits: 0 | References: 3

SUSE CVE
added 2025/12/11 12:23 a.m. | 1 views

SUSE CVE-2025-62408

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer and process_answer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

CVSS 5.9 | AI score 6.9 | EPSS 0.00023
Exploits: 0 | References: 5

OSV
added 2025/12/08 10:15 p.m. | 1 views

AZL-71854 CVE-2025-62408 affecting package fluent-bit for versions less than 3.1.10-4

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer and process_answer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

CVSS 5.9 | AI score 6.1 | EPSS 0.00023
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/08 10:4 p.m. | 0 views

CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer and process_answer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

CVSS 5.9 | AI score 6.4 | EPSS 0.00023
Exploits: 0 | References: 2

FreeBSD
added 2025/12/08 12:0 a.m. | 3 views

c-ares -- Use After Free

https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports: c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer and process_answer, which can cause a Denial of Service. This issue is fixed i...

CVSS 5.9 | AI score 6.9 | EPSS 0.00023
Exploits: 0 | References: 1

OSV
added 2025/09/15 4:46 p.m. | 1 views

GHSA-G9VW-6PVX-7GMW Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Summary: A use-after-free (UAF) vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing list iterator to reference freed memory. Details: The vulnerability exists in Envoy's Dynamic Forward Proxy...

CVSS 7.5 | AI score 6.8 | EPSS 0.00014
Exploits: 0 | References: 5

OSV
added 2025/09/02 11:39 p.m. | 2 views

CVE-2025-54588 Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free (UAF) vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic...

CVSS 7.5 | AI score 6.6 | EPSS 0.00014
Exploits: 0 | References: 5

Amazon
added 2025/04/29 12:0 a.m. | 2 views

Medium: nodejs20

Issue Overview: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if t...

CVSS 8.3 | AI score 6.7 | EPSS 0.00651
Exploits: 0

Tenable Nessus
added 2025/04/24 12:0 a.m. | 11 views

c-ares 1.32.3 < 1.34.5 Use After Free (macOS)

The version of c-ares installed on the remote host is affected by a use after free vulnerability. c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when t...

CVSS 8.3 | AI score 7.2 | EPSS 0.00651
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/21 12:0 a.m. | 9 views

Fedora 41 : c-ares (2025-c26ac54608)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-c26ac54608 advisory. Update to 1.34.5. Fixes CVE-2025-31498. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

CVSS 8.3 | AI score 7.3 | EPSS 0.00651
Exploits: 0 | References: 2

Snyk
added 2025/04/08 2:42 p.m. | 1 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free due to the read_answers() process by flooding the target with ICMP UNREACHABLE packets under specific network conditions. Note: This is only exploitable remotely if the attacker also controls the upstream nameserver and can...

CVSS 8.3 | AI score 6.7 | EPSS 0.00651
Exploits: 0 | References: 2

OSV
added 2025/04/08 2:15 p.m. | 1 views

DEBIAN-CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | AI score 6.7 | EPSS 0.00651
Exploits: 0 | References: 1

OSV
added 2025/04/08 2:15 p.m. | 0 views

UBUNTU-CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | AI score 6.8 | EPSS 0.00651
Exploits: 0 | References: 7

CVE
added 2025/04/08 1:53 p.m. | 119 views

CVE-2025-31498

CVE-2025-31498 (c-ares) affects versions 1.32.3–1.34.4 of the asynchronous resolver library. The issue is a use-after-free in read_answers() that can occur when process_answer() re-enqueues a query (e.g., due to DNS Cookie Failure or EDNS issues, or on TCP paths after a premature close). If an er...

CVSS 8.3 | AI score 7.3 | EPSS 0.00651
Exploits: 0 | References: 4

Cvelist
added 2025/04/08 1:53 p.m. | 12 views

CVE-2025-31498 c-ares has a use-after-free in read_answers()

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | EPSS 0.00651
Exploits: 0 | References: 3

AlpineLinux
added 2025/04/08 1:53 p.m. | 5 views

CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | AI score 7.4 | EPSS 0.00651
Exploits: 0 | References: 4

Vulnrichment
added 2025/04/08 1:53 p.m. | 7 views

CVE-2025-31498 c-ares has a use-after-free in read_answers()

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | AI score 7.3 | EPSS 0.00651
Exploits: 0 | References: 3