Skip to main content

c-ares CVE-2026-33630

HIGH
2026-07-06
Share

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 20:25 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

c-ares, the widely-embedded asynchronous DNS resolver library, received a security fix in version 1.34.7 addressing CVE-2026-33630, disclosed via the oss-security mailing list. The vulnerability was reported by Haruto Kimura of Stella and is also tracked under GHSA-pjmc-gx33-gc76 and GHSA-jv8r-gqr9-68wj. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Unknown trigger condition
Exploit
c-ares processes malformed input
Impact
Unknown impact

Vulnerability AssessmentAI

Exploitation Exploitation conditions cannot be determined from the available input data - no vulnerability description, CVSS vector, or CWE was provided. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Risk cannot be formally assessed from the supplied data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Because no vulnerability description, CVSS vector, or CWE is available, a specific exploit scenario cannot be constructed. Given c-ares's role in DNS resolution, a plausible generic scenario involves a malicious or compromised DNS server returning crafted responses that trigger a flaw in c-ares's parsing logic, affecting any application relying on it for resolution. …
Remediation Upgrade c-ares to version 1.34.7 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory systems and applications using c-ares; determine current deployed versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-33630 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy