Vulnerabilities (CVE)

Filtered by vendor C-ares Project Subscribe
Filtered by product C-ares
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3672 3 C-ares Project, Fedoraproject, Redhat 14 C-ares, Fedora, Enterprise Linux and 11 more 2021-12-14 6.8 MEDIUM 5.6 MEDIUM
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
CVE-2020-8277 4 C-ares Project, Fedoraproject, Nodejs and 1 more 7 C-ares, Fedora, Node.js and 4 more 2021-12-02 5.0 MEDIUM 7.5 HIGH
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
CVE-2020-14354 2 C-ares Project, Fedoraproject 2 C-ares, Fedora 2021-05-20 2.1 LOW 3.3 LOW
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
CVE-2016-5180 2 C-ares Project, Debian 2 C-ares, Debian Linux 2018-01-05 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
CVE-2017-1000381 1 C-ares Project 1 C-ares 2017-07-17 5.0 MEDIUM 7.5 HIGH
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.