Astra Linux – Vulnerability in c-ares
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service attacks. When a target resolver sends a query, the attacker creates a malformed UDP packet with a length of 0 and sends it back to the target resolver. The target resolver misinterprets this 0-length field as an...
ROS-20260512-73-0034
Use-after-free vulnerability in c-ares (memory is used after it has been released). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
Unity Linux 20.1060e / 20.1070e Security Update: c-ares (UTSA-2026-017414)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017414 advisory. A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames...
Security Bulletin: Denial of Service Vulnerability in c-ares Resolver (Versions 1.32.3–1.34.5), affects watsonx.data
Summary: c-ares versions 1.32.3–1.34.5 contain a flaw where certain DNS queries may terminate prematurely after maximum retry attempts, potentially leading to a Denial of Service. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-62408 DESCRIPTION: c-ares is an asynchronous resolv...
MiracleLinux 8 : c-ares-1.13.0-6.el8.2 (AXSA:2023-6142:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6142:03 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 9 : c-ares-1.17.1-5.el9.1 (AXSA:2023-6019:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6019:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 9 : nodejs-16.20.2-8.el9_4 (AXSA:2024-8149:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8149:02 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...
MiracleLinux 8 : nodejs:20 (AXSA:2024-7740:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7740:01 advisory. c-ares: Out of bounds read in ares__read_line() CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to retrie...
MiracleLinux 9 : c-ares-1.19.1-2.el9_4 (AXSA:2024-8283:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8283:02 advisory. c-ares: Out of bounds read in ares__read_line() CVE-2024-25629 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 9 : nodejs:18 (AXSA:2023-6083:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6083:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in ares_inet_net_pton() CVE-2023-31130 c-ares: Insufficient...
MiracleLinux 8 : nodejs:20 (AXSA:2025-9918:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9918:01 advisory. c-ares: c-ares has a use-after-free in read_answers() CVE-2025-31498 Tenable has extracted the preceding description block directly from the MiracleLinux securi...
SUSE CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6...
c-ares Resource Management Error Vulnerability
c-ares is a C library for asynchronous DNS requests from the c-ares individual developer. A resource management error vulnerability exists in c-ares versions 1.32.3 through 1.34.5, which stems from the read_answer() and process_answer() functions terminating a query after the maximum number of attempts...
Linux Distros Unpatched Vulnerability : CVE-2025-62408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), whi...
Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares
Summary: C-Ares is used in IBM DataPower Gateway's DNS resolver. Vulnerability Details: CVEID: CVE-2025-31498 DESCRIPTION: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS...
TencentOS Server 3: c-ares (TSSA-2023:0186)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0186 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2023-35454
Malicious code in bioql PyPI...
EUVD-2023-36348
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.06 : c-ares Vulnerability (NS-SA-2025-0226)
The remote NewStart CGSL host, running version MAIN 6.06, has c-ares packages installed that are affected by a vulnerability: - A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which...
RockyLinux 8 : nodejs:22 (RLSA-2025:4459)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4459 advisory. c-ares: c-ares has a use-after-free in read_answers() CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 Tenable has extracted the preceding...