105 matches found
Astra Linux – Vulnerability in c-ares
A flaw was discovered in the c-ares library. A missing input validation check for host names returned by DNS Domain Name Servers can result in incorrect hostnames being displayed. This could potentially lead to Domain Hijacking. The greatest threat posed by this vulnerability is related to...
DSA-6084-1 c-ares - security update
Bulletin has no description...
Debian dsa-6084 : libc-ares-dev - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6084 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6084-1 [email protected] https://www.debian.org/security/...
CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...
ALPINE-CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...
CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...
EUVD-2020-6498
Malware in sbrugna...
EUVD-2023-35463
Malicious code in bioql PyPI...
EUVD-2023-35450
Malicious code in bioql PyPI...
EUVD-2024-22949
Malicious code in bioql PyPI...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.10.0 Vulnerability Details CVEID:CVE-2025-46727 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and...
TencentOS Server 3: c-ares (TSSA-2022:0198)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0198 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
RLSA-2024:4249 Low: c-ares security update
The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases / c-ares / pgbouncer (CVE-2021-3672)
The version of CBL-Mariner Releases / c-ares / pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3672 advisory. - A flaw was found in c-ares library, where a missing input validation check...
[SECURITY] Fedora 40 Update: c-ares-1.34.5-1.fc40
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
The vulnerability of the C-ares asynchronous DNS query library, related to the possibility of using memory after it is freed, allows a hacker to cause a service failure.
The vulnerability of the C-ares asynchronous DNS query library is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
[SECURITY] Fedora 41 Update: c-ares-1.34.5-1.fc41
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
[SECURITY] Fedora 42 Update: c-ares-1.34.5-1.fc42
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
Linux Distros Unpatched Vulnerability : CVE-2025-31498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query eithe...
CVE-2025-31498 c-ares has a use-after-free in read_answers()
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...