C-ares Security Vulnerabilities and Issues — C-ares CVE List

Lucene search

C-ares ProjectC-ares

3 matches found

CVE•added 2023/05/25 11:15 p.m.•659 views

CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shu...

7.5CVSS7.6AI score0.00323EPSS

CVE•added 2020/11/19 1:15 a.m.•348 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and

7.5CVSS7.3AI score0.59168EPSS

CVE•added 2017/07/07 5:29 p.m.•150 views

CVE-2017-1000381

The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

7.5CVSS7.4AI score0.00776EPSS