
c ares project c ares

15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-62408
>= 1.32.3 and < 1.34.6
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using re
5.9 MEDIUM
CVE-2024-25629
< 1.27.0
c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as `/etc/
4.4 MEDIUM
CVE-2020-22217
all versions
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
5.9 MEDIUM
CVE-2023-32067
< 1.19.1
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the att
7.5 HIGH
CVE-2023-31147
< 1.19.1
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate ra
5.9 MEDIUM
CVE-2023-31130
< 1.19.1
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, i
4.1 MEDIUM
CVE-2023-31124
< 1.19.1
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE wi
3.7 LOW
CVE-2022-4904
< 1.19.0
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allo
8.6 HIGH
CVE-2021-3672
>= 1.0.0 and < 1.17.2
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can
5.6 MEDIUM
CVE-2020-14354
all versions
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() com
3.3 LOW
CVE-2020-8277
< 1.16.0
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Servic
7.5 HIGH
CVE-2017-1000381
all versions
The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outsi
7.5 HIGH
CVE-2016-5180
all versions
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial
9.8 CRITICAL
CVE-2007-3153
all versions
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random numbe
CVE-2007-3152
all versions
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow re
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin