Lucene search

9 matches found

Debian
added 2025/12/18 1:49 p.m., 8 views

[SECURITY] [DSA 6084-1] c-ares security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6084-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 18, 2025 https://www.debian.org/security/faq -...

CVSS 5.9 | AI score 6.8 | EPSS 0.0039
Exploits 0
SUSE CVE
added 2025/12/11 12:23 a.m., 2 views

SUSE CVE-2025-62408

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6...

CVSS 5.9 | AI score 6.9 | EPSS 0.0039
Exploits 0 | References 5
OSV
added 2025/09/15 4:46 p.m., 2 views

GHSA-G9VW-6PVX-7GMW Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Summary: A use-after-free (UAF) vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing list iterator to reference freed memory. Details: The vulnerability exists in Envoy's Dynamic Forward Proxy...

CVSS 7.5 | AI score 6.8 | EPSS 0.0044
Exploits 0 | References 5
Tenable Nessus
added 2025/04/24 12:0 a.m., 12 views

c-ares 1.32.3 < 1.34.5 Use After Free (macOS)

The version of c-ares installed on the remote host is affected by a use after free vulnerability. c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when t...

CVSS 8.3 | AI score 7.2 | EPSS 0.00555
Exploits 0 | References 2
Snyk
added 2025/04/08 2:42 p.m., 1 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free due to the read_answers process by flooding the target with ICMP UNREACHABLE packets under specific network conditions. Note: This is only exploitable remotely if the attacker also controls the upstream nameserver and can...

CVSS 8.3 | AI score 6.7 | EPSS 0.00555
Exploits 0 | References 2
OSV
added 2025/04/08 2:15 p.m., 1 views

UBUNTU-CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | AI score 6.8 | EPSS 0.00555
Exploits 0 | References 7
CVE
added 2025/04/08 1:53 p.m., 153 views

CVE-2025-31498

CVE-2025-31498 (c-ares) affects versions 1.32.3–1.34.4 of the asynchronous resolver library. The issue is a use-after-free in read_answers() that can occur when process_answer() re-enqueues a query (e.g., due to DNS Cookie Failure or EDNS issues, or on TCP paths after a premature close). If an er...

CVSS 8.3 | AI score 7.3 | EPSS 0.00555
Exploits 0 | References 4
Cvelist
added 2025/04/08 1:53 p.m., 17 views

CVE-2025-31498 c-ares has a use-after-free in read_answers()

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | EPSS 0.00555
Exploits 0 | References 3
AlpineLinux
added 2025/04/08 1:53 p.m., 6 views

CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 | AI score 7.4 | EPSS 0.00555
Exploits 0 | References 4