1296 matches found
[SECURITY] Fedora 44 Update: c-ares-1.34.7-1.fc44
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
CVE-2026-33630
A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via aresgetaddrinfo over TCP by sending crafte...
Linux Distros Unpatched Vulnerability : CVE-2026-33630
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free / double-free in query-completion handling fedora-all CVE-2026-33630 Note that Nessus relies on the presence of the package as reported by the...
ARES-v6.0-PRO-
No d...
Astra Linux – Vulnerability in c-ares
A flaw was discovered in the c-ares package. The aressetsortlist function lacks checks for the validity of the input string, which could lead to a stack overflow vulnerability with an arbitrary length. This issue may cause a denial of service or have a limited impact on confidentiality and...
Astra Linux – Vulnerability in c-ares
C-ares is an asynchronous resolver library. The aresinetnetpton function is vulnerable to a buffer underflow for certain IPv6 addresses. In particular, the address “0::00:00:00/2” was found to cause an issue. C-ares only uses this function internally for configuration purposes, and an administrat...
Astra Linux – Vulnerability in c-ares
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service attacks. When a target resolver sends a query, the attacker creates a malformed UDP packet with a length of 0 and sends it back to the target resolver. The target resolver misinterprets this 0-length field as an...
Astra Linux – Vulnerability in c-ares
A flaw was discovered in the c-ares library. A missing input validation check for host names returned by DNS Domain Name Servers can result in incorrect hostnames being displayed. This could potentially lead to Domain Hijacking. The greatest threat posed by this vulnerability is related to...
ROS-20260512-73-0034
Vulnerability in c-ares related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Unity Linux 20.1060e / 20.1070e Security Update: c-ares (UTSA-2026-017414)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017414 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames...
openSUSE 16 Security Update : c-ares (openSUSE-SU-2026:20698-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20698-1 advisory. This update for c-ares fixes the following issue - CVE-2025-62408: use after free in readanswers bsc1254738. Changes for c-ares: - c-ares 1.35.6: Ignore...
OPENSUSE-SU-2026:20698-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in readanswers bsc1254738. Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added Various bug fixes...
SUSE-SU-2026:21584-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in readanswers bsc1254738. Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added Various bug fixes...
SUSE-SU-2026:21574-1 Security update for c-ares
This update for c-ares fixes the following issue - CVE-2025-62408: use after free in readanswers bsc1254738. Changes for c-ares: - c-ares 1.35.6: Ignore Windows IDN Search Domains until proper IDN support is added Various bug fixes...
CLSA-2026-1776431757 c-ares: Fix of CVE-2022-4904
CVE-2022-4904: fix stack overflow in aressetsortlist due to missing input validation...
CLSA-2026-1776432133 c-ares: Fix of CVE-2022-4904
CVE-2022-4904: fix stack overflow in aressetsortlist due to missing input validation...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: c-ares: c-ares-1.34.6-3.1.hum1 aarch64, x8664 c-ares-devel-1.34.6-3.1.hum1 aarch64, x8664 c-ares-1.34.6-3.1.hum1.src src...
Security Bulletin: Denial of Service Vulnerability in c-ares Resolver (Versions 1.32.3–1.34.5), affects watsonx.data
Summary c-ares versions 1.32.3–1.34.5 contain a flaw where certain DNS queries may terminate prematurely after maximum retry attempts, potentially leading to a Denial of Service. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-62408 DESCRIPTION: c-ares is an asynchronous resolv...
NewStart CGSL MAIN 6.06 (SP) : c-ares Vulnerability (NS-SA-2026-0023)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has c-ares packages installed that are affected by a vulnerability: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames whi...
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are...