RHEL 8 : nodejs:20 (RHSA-2025:4461)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4461 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

Ubuntu 24.10 / 25.04 : c-ares vulnerability (USN-7477-1)

The remote Ubuntu 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7477-1 advisory. It was discovered that c-ares incorrectly handled re-enqueuing certain queries. A remote attacker could possibly use this issue to cause c-ares to crash,...

Medium: nodejs20

Issue Overview: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if t...

Advisory ROSA-SA-2025-2782

Software: c-ares 1.13.0 OS: ROSA Virtualization 3.0 packageevrstring: c-ares-1.13.0-11.rv30 CVE-ID: CVE-2024-25629 BDU-ID: 2024-01708 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the aresreadline function of the C-ares asynchronous DNS query library is related to an operation exceeding buffer...