9 matches found
[SECURITY] [DSA 6084-1] c-ares security update
Debian Security Advisory DSA-6084-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 18, 2025 https://www.debian.org/security/faq -...
SUSE CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6...
GHSA-G9VW-6PVX-7GMW Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults
Summary: A use-after-free (UAF) vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing list iterator to reference freed memory. Details: The vulnerability exists in Envoy's Dynamic Forward Proxy...
c-ares 1.32.3 < 1.34.5 Use After Free (macOS)
The version of c-ares installed on the remote host is affected by a use after free vulnerability. c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when t...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free due to the read_answers() process by flooding the target with ICMP UNREACHABLE packets under specific network conditions. Note: This is only exploitable remotely if the attacker also controls the upstream nameserver and can...
UBUNTU-CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
CVE-2025-31498
CVE-2025-31498 (c-ares) affects versions 1.32.3–1.34.4 of the asynchronous resolver library. The issue is a use-after-free in read_answers() that can occur when process_answer() re-enqueues a query (e.g., due to DNS Cookie Failure or EDNS issues, or on TCP paths after a premature close). If an er...
CVE-2025-31498 c-ares has a use-after-free in read_answers()
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...