Known Vulnerabilities for products from C-ares Project
Listed below are 5 of the newest known vulnerabilities associated with the vendor "C-ares Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3672 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers... | 5.6 - MEDIUM | 2021-11-23 | 2024-01-05 |
| CVE-2020-14354 | A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo(... | 3.3 - LOW | 2021-05-13 | 2023-11-07 |
| CVE-2020-8277 | A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of S... | 7.5 - HIGH | 2020-11-19 | 2023-11-07 |
| CVE-2017-1000381 | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory ... | 7.5 - HIGH | 2017-07-07 | 2023-09-15 |
| CVE-2016-5180 | Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a d... | 9.8 - CRITICAL | 2016-10-03 | 2023-11-07 |
Known software with vulnerabilities from C-ares Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | C-ares Project | C-ares | 1.0.0 |