Filtered by vendor C-ares
Subscriptions
Filtered by product C-ares
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-22217 | 3 C-ares, Debian, Redhat | 4 C-ares, Debian Linux, Enterprise Linux and 1 more | 2024-10-03 | 5.9 Medium |
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | ||||
CVE-2016-5180 | 6 C-ares, C-ares Project, Canonical and 3 more | 6 C-ares, C-ares, Ubuntu Linux and 3 more | 2024-08-06 | 9.8 Critical |
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | ||||
CVE-2017-1000381 | 4 C-ares, C-ares Project, Nodejs and 1 more | 4 C-ares, C-ares, Node.js and 1 more | 2024-08-05 | 7.5 High |
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | ||||
CVE-2020-14354 | 2 C-ares, Fedoraproject | 2 C-ares, Fedora | 2024-08-04 | 3.3 Low |
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. |
Page 1 of 1.