Lucene search
+L

28 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in c-ares

Buffer overflow vulnerability in c-ares before 1161 through 1170, due to the aresparsesoareply function in aresparsesoareply.c...

5.9CVSS6.6AI score0.00838EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 5:10 p.m.12 views

CLSA-2026-1776431757 c-ares: Fix of CVE-2022-4904

CVE-2022-4904: fix stack overflow in aressetsortlist due to missing input validation...

8.6CVSS7.3AI score0.01222EPSS
Exploits1References1
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2026/01/27 7:2 p.m.7 views

[R1] Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities

R1 Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 01/27/2026 - 14:02 Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components libxml2, libxslt, expat, c-ares, curl, sqlite were fou...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : nodejs:16 (AXSA:2023-5262:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5262:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

8.6CVSS8AI score0.02209EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

9.8CVSS7AI score0.69062EPSS
Exploits6References8
Microsoft CVE
Microsoft CVE
added 2025/12/11 9:1 a.m.4 views

c-ares has a Use After Free vulnerability when connection is cleaned up after error

...

5.9CVSS6.7AI score0.00396EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in test-mlw2-fount-cares (npm)

The package test-mlw2-fount-cares was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in @malware-test-tipsy-jolls-sider-cares/test-mlw3-tipsy-jolls-sider-cares (npm)

The package @malware-test-tipsy-jolls-sider-cares/test-mlw3-tipsy-jolls-sider-cares was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-35369 Malicious code in test-mlw2-fount-cares (npm)

The package test-mlw2-fount-cares was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/04/08 2:15 p.m.8 views

AZL-59742 CVE-2025-31498 affecting package fluent-bit for versions less than 3.1.9-4

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

8.3CVSS6.7AI score0.00577EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/04/05 12:0 a.m.7 views

The vulnerability of the autotools CARES_RANDOM_FILE component in the C-ares asynchronous DNS query library allows a attacker to compromise the integrity of the protected information.

The vulnerability of the CARESRANDOMFILE component in the C-ares asynchronous DNS query library is related to the use of rand as a backup mechanism. This allows attackers to exploit the absence of entropy, without using CSPRNG. Exploiting this vulnerability enables remote attackers to compromise...

3.7CVSS6.5AI score0.00936EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2024/02/23 3:15 p.m.5 views

AZL-34687 CVE-2024-25629 affecting package fluent-bit for versions less than 3.0.6-1

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

5.5CVSS6.8AI score0.00349EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/11/21 11:47 a.m.9 views

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

6.4CVSS7.5AI score0.00333EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.9 views

The vulnerability of the C-ares asynchronous DNS query library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the C-ares asynchronous DNS query library is related to an uncontrolled resource consumption when the packet length is interpreted incorrectly. Exploiting this vulnerability can allow a malicious actor to cause service failures through corrupted UDP packets...

7.8CVSS6.5AI score0.01577EPSS
Exploits0References12Affected Software6
OSV
OSV
added 2023/08/22 7:16 p.m.5 views

UBUNTU-CVE-2020-22217

Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply in aresparsesoareply.c...

5.9CVSS6.6AI score0.00838EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/07/12 8:33 a.m.5 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/19 1:4 p.m.8 views

c-ares: 0-byte UDP payload Denial of Service

A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service...

7.5CVSS7.3AI score0.01577EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/14 8:43 a.m.5 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/14 7:33 a.m.10 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2023/06/03 7:0 a.m.4 views

AutoTools does not set CARES_RANDOM_FILE during cross compilation

...

3.7CVSS6.4AI score0.00936EPSS
Exploits0
Rows per page
Query Builder