RSS   Vulnerabilities for 'C-ares'   RSS

2021-11-23
 
CVE-2021-3672

CWE-79
 

 
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

 
2021-05-13
 
CVE-2020-14354

CWE-416
 

 
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

 
2017-07-07
 
CVE-2017-1000381

 

 
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

 
2016-10-03
 
CVE-2016-5180

CWE-787
 

 
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

 


Copyright 2024, cxsecurity.com

 

Back to Top