28 matches found
Astra Linux – Vulnerability in c-ares
Buffer overflow vulnerability in c-ares before 1161 through 1170, due to the aresparsesoareply function in aresparsesoareply.c...
CLSA-2026-1776431757 c-ares: Fix of CVE-2022-4904
CVE-2022-4904: fix stack overflow in aressetsortlist due to missing input validation...
[R1] Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities
R1 Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 01/27/2026 - 14:02 Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components libxml2, libxslt, expat, c-ares, curl, sqlite were fou...
MiracleLinux 8 : nodejs:16 (AXSA:2023-5262:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5262:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...
MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...
c-ares has a Use After Free vulnerability when connection is cleaned up after error
...
Malicious code in test-mlw2-fount-cares (npm)
The package test-mlw2-fount-cares was found to contain malicious code...
Malicious code in @malware-test-tipsy-jolls-sider-cares/test-mlw3-tipsy-jolls-sider-cares (npm)
The package @malware-test-tipsy-jolls-sider-cares/test-mlw3-tipsy-jolls-sider-cares was found to contain malicious code...
MAL-2025-35369 Malicious code in test-mlw2-fount-cares (npm)
The package test-mlw2-fount-cares was found to contain malicious code...
AZL-59742 CVE-2025-31498 affecting package fluent-bit for versions less than 3.1.9-4
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
The vulnerability of the autotools CARES_RANDOM_FILE component in the C-ares asynchronous DNS query library allows a attacker to compromise the integrity of the protected information.
The vulnerability of the CARESRANDOMFILE component in the C-ares asynchronous DNS query library is related to the use of rand as a backup mechanism. This allows attackers to exploit the absence of entropy, without using CSPRNG. Exploiting this vulnerability enables remote attackers to compromise...
AZL-34687 CVE-2024-25629 affecting package fluent-bit for versions less than 3.0.6-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
c-ares: Buffer Underwrite in ares_inet_net_pton()
A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...
The vulnerability of the C-ares asynchronous DNS query library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the C-ares asynchronous DNS query library is related to an uncontrolled resource consumption when the packet length is interpreted incorrectly. Exploiting this vulnerability can allow a malicious actor to cause service failures through corrupted UDP packets...
UBUNTU-CVE-2020-22217
Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply in aresparsesoareply.c...
c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...
c-ares: 0-byte UDP payload Denial of Service
A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service...
c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...
c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...
AutoTools does not set CARES_RANDOM_FILE during cross compilation
...