Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ares vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-22217
Buffer overflow vulnerability in c-ares prior to 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
C-ares C-ares 1.16.1
C-ares C-ares 1.17.0
Debian Debian Linux 10.0
668
VMScore
CVE-2007-3152
c-ares prior to 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote malicious users to spoof DNS responses by guessing the field value.
Daniel Stenberg C-ares 1.0
Daniel Stenberg C-ares 1.3.2
Daniel Stenberg C-ares 1.1
Daniel Stenberg C-ares 1.2
Daniel Stenberg C-ares 1.2.1
Daniel Stenberg C-ares 1.3
Daniel Stenberg C-ares 1.3.1
445
VMScore
CVE-2007-3153
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote malicious users to spoof DNS responses by guessing certain values.
Daniel Stenberg C-ares 1.0
Daniel Stenberg C-ares 1.1
Daniel Stenberg C-ares 1.3.2
Daniel Stenberg C-ares 1.2
Daniel Stenberg C-ares 1.2.1
Daniel Stenberg C-ares 1.3
Daniel Stenberg C-ares 1.3.1
187
VMScore
CVE-2020-14354
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an malicious user to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this ...
C-ares C-ares 1.16.0
Fedoraproject Fedora 33
NA
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the ra...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an malicious user to ...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
890
VMScore
CVE-2005-2425
Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.
Ares Fileshare 1.1
NA
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
C-ares Project C-ares
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 36
NA
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 lengt...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would r...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »