8 matches found
OPENSUSE-SU-2026:20698-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in readanswers bsc1254738. Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added Various bug fixes...
Security Bulletin: Denial of Service Vulnerability in c-ares Resolver (Versions 1.32.3–1.34.5), affects watsonx.data
Summary c-ares versions 1.32.3–1.34.5 contain a flaw where certain DNS queries may terminate prematurely after maximum retry attempts, potentially leading to a Denial of Service. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-62408 DESCRIPTION: c-ares is an asynchronous resolv...
istioctl-1.28.2-1.1 on GA media (moderate)
istioctl-1.28.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10029-1 Rating: moderate Cross-References: CVE-2025-62408 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-1346)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1346 advisory. Use after free due to connection being cleaned up after error CVE-2025-62408 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus h...
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2025-1348)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1348 advisory. Use after free due to connection being cleaned up after error CVE-2025-62408 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus h...
c-ares-devel-1.34.6-1.1 on GA media (moderate)
c-ares-devel-1.34.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10007-1 Rating: moderate Cross-References: CVE-2025-62408 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...
CVE-2025-62408
creationtimestamp| type| source ---|---|--- 2025-12-08 16:04:49+00:00| seen| https://seclists.org/oss-sec/2025/q4/253 2025-12-08 17:03:16+00:00| seen| https://seclists.org/oss-sec/2025/q4/254 2025-12-08 17:39:08+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m7il4ux4rp2h...