A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an malicious user to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
c-ares c-ares 1.16.0 |
||
fedoraproject fedora 33 |