Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
c-ares vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2020-22217
Buffer overflow vulnerability in c-ares prior to 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
C-ares C-ares 1.16.1
C-ares C-ares 1.17.0
Debian Debian Linux 10.0
NA
CVE-2007-3153
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote malicious users to spoof DNS responses by guessing certain values.
Daniel Stenberg C-ares 1.0
Daniel Stenberg C-ares 1.1
Daniel Stenberg C-ares 1.3.2
Daniel Stenberg C-ares 1.2
Daniel Stenberg C-ares 1.2.1
Daniel Stenberg C-ares 1.3
Daniel Stenberg C-ares 1.3.1
NA
CVE-2007-3152
c-ares prior to 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote malicious users to spoof DNS responses by guessing the field value.
Daniel Stenberg C-ares 1.0
Daniel Stenberg C-ares 1.3.2
Daniel Stenberg C-ares 1.1
Daniel Stenberg C-ares 1.2
Daniel Stenberg C-ares 1.2.1
Daniel Stenberg C-ares 1.3
Daniel Stenberg C-ares 1.3.1
3.3
CVSSv3
CVE-2020-14354
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an malicious user to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this ...
C-ares C-ares 1.16.0
Fedoraproject Fedora 33
3.7
CVSSv3
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an malicious user to ...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
6.5
CVSSv3
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the ra...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.6
CVSSv3
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
C-ares Project C-ares
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 36
6.4
CVSSv3
CVE-2023-31130
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would r...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 lengt...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2020-8277
A Node.js application that allows an malicious user to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. ...
Nodejs Node.js
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
Oracle Jd Edwards Enterpriseone Tools
Oracle Mysql Cluster
Oracle Blockchain Platform
C-ares Project C-ares
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »