Skip to main content

C Ares

9 CVEs product

Monthly

CVE-2025-62408 MEDIUM PATCH This Month

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

Use After Free Memory Corruption Denial Of Service C Ares Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-32067 HIGH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-31147 MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Ares Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-31130 MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-31124 LOW Monitor

c-ares is an asynchronous resolver library. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google C Ares Fedora
NVD GitHub
CVSS 3.1
3.7
EPSS
0.9%
CVE-2021-3672 MEDIUM POC PATCH This Month

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS C Ares Fedora Enterprise Linux Enterprise Linux Computer Node +13
NVD
CVSS 3.1
5.6
EPSS
2.6%
CVE-2020-8277 HIGH PATCH This Week

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora Blockchain Platform +5
NVD
CVSS 3.1
7.5
EPSS
54.2%
CVE-2017-1000381 HIGH This Week

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Ares Node Js
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2016-5180 CRITICAL Act Now

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE C Ares +3
NVD
CVSS 3.1
9.8
EPSS
18.2%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

Use After Free Memory Corruption Denial Of Service +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Ares Fedora +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Ares Fedora
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure C Ares Fedora +1
NVD GitHub
EPSS 1% CVSS 3.7
LOW Monitor

c-ares is an asynchronous resolver library. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google C Ares +1
NVD GitHub
EPSS 3% CVSS 5.6
MEDIUM POC PATCH This Month

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS C Ares Fedora +15
NVD
EPSS 54% CVSS 7.5
HIGH PATCH This Week

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Ares Node Js
NVD
EPSS 18% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy