ROS-20260512-73-0034
Vulnerability in c-ares related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Unity Linux 20.1060e / 20.1070e Security Update: c-ares (UTSA-2026-017414)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017414 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames...
openSUSE 16 Security Update : c-ares (openSUSE-SU-2026:20698-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20698-1 advisory. This update for c-ares fixes the following issue - CVE-2025-62408: use after free in read_answers (bsc#1254738). Changes for c-ares: - c-ares 1.35.6: Ignore...
OPENSUSE-SU-2026:20698-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in read_answers (bsc#1254738). Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added. Various bug fixes...
SUSE-SU-2026:21574-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in read_answers (bsc#1254738). Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added. Various bug fixes...
SUSE-SU-2026:21584-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in read_answers (bsc#1254738). Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added. Various bug fixes...
Astra Linux - vulnerability in c-ares
c-ares is an asynchronous resolver library. The ares_inet_net_pton function is vulnerable to a buffer underflow for certain IPv6 addresses. In particular, the address “0::00:00:00/2” was found to cause an issue. c-ares only uses this function internally for configuration purposes, and an administrat...
Astra Linux - vulnerability in c-ares
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
Astra Linux - vulnerability in c-ares
A flaw was discovered in the c-ares library. A missing input validation check for host names returned by DNS Domain Name Servers can result in incorrect hostnames being displayed. This could potentially lead to Domain Hijacking. The greatest threat posed by this vulnerability is related to...
Astra Linux - vulnerability in c-ares
A flaw was discovered in the c-ares package. The ares_set_sortlist function lacks checks for the validity of the input string, which could lead to a stack overflow vulnerability with an arbitrary length. This issue may cause a denial of service or have a limited impact on confidentiality and...
CLSA-2026-1776431757 c-ares: Fix of CVE-2022-4904
CVE-2022-4904: fix stack overflow in ares_set_sortlist due to missing input validation...
CLSA-2026-1776432133 c-ares: Fix of CVE-2022-4904
CVE-2022-4904: fix stack overflow in ares_set_sortlist due to missing input validation...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: c-ares: c-ares-1.34.6-3.1.hum1 (aarch64, x86_64), c-ares-devel-1.34.6-3.1.hum1 (aarch64, x86_64), c-ares-1.34.6-3.1.hum1.src (src)...
Security Bulletin: Denial of Service Vulnerability in c-ares Resolver (Versions 1.32.3–1.34.5), affects watsonx.data
Summary: c-ares versions 1.32.3–1.34.5 contain a flaw where certain DNS queries may terminate prematurely after maximum retry attempts, potentially leading to a Denial of Service. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-62408. DESCRIPTION: c-ares is an asynchronous resolv...
NewStart CGSL MAIN 6.06 (SP) : c-ares Vulnerability (NS-SA-2026-0023)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has c-ares packages installed that are affected by a vulnerability: - A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames whi...
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are...
[R1] Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities
Arnie Cabral, Tue, 01/27/2026 - 14:02. Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (libxml2, libxslt, expat, c-ares, curl, sqlite) were fou...
Azure Linux 3.0 Security Update: fluent-bit (CVE-2025-31498)
The version of fluent-bit installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-31498 advisory. - c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in...
MiracleLinux 7 : rh-nodejs12-nodejs-12.19.1-2.el7 (AXSA:2020-959:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-959:05 advisory. nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774); c-ares: ares_parse_{a,aaaa}_reply insufficient naddrttls validation DoS (CVE-2020-8277)...
MiracleLinux 9 : nodejs-16.20.2-8.el9_4 (AXSA:2024-8149:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8149:02 advisory. nodejs: CONTINUATION frames DoS (CVE-2024-27983); nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...