Known Vulnerabilities for products from C-ares Project
Listed below are 10 of the newest known vulnerabilities associated with the vendor "C-ares Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-32067 json | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, th... | 7.5 - HIGH | 2023-05-25 | 2023-10-31 |
| CVE-2023-31147 json | c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to genera... | 6.5 - MEDIUM | 2023-05-25 | 2023-10-31 |
| CVE-2023-31130 json | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 address... | 6.4 - MEDIUM | 2023-05-25 | 2023-10-31 |
| CVE-2023-31124 json | c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FI... | 3.7 - LOW | 2023-05-25 | 2023-10-31 |
| CVE-2022-4904 json | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which... | 8.6 - HIGH | 2023-03-06 | 2024-01-05 |
| CVE-2021-3672 json | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers... | 5.6 - MEDIUM | 2021-11-23 | 2024-01-05 |
| CVE-2020-14354 json | A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo(... | 3.3 - LOW | 2021-05-13 | 2023-11-07 |
| CVE-2020-8277 json | A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of S... | 7.5 - HIGH | 2020-11-19 | 2023-11-07 |
| CVE-2017-1000381 json | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory ... | 7.5 - HIGH | 2017-07-07 | 2023-09-15 |
| CVE-2016-5180 json | Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a d... | 9.8 - CRITICAL | 2016-10-03 | 2023-11-07 |
Known software with vulnerabilities from C-ares Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | C-ares Project | C-ares | 1.0.0 |