c-ares

Top products

The 11 most recently published vulnerabilities affecting c-ares.

• CVE-2025-62408c-ares has a Use After Free vulnerability when connection is cleaned up after error5.9Dec 8, 2025
• CVE-2025-31498c-ares has a use-after-free in read_answers()7.0Apr 8, 2025
• CVE-2024-25629c-ares out of bounds read in ares__read_line()4.4Feb 23, 2024
• CVE-2020-22217Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.5.9Aug 22, 2023
• CVE-2023-320670-byte UDP payload DoS in c-ares7.5May 25, 2023
• CVE-2023-31147Insufficient randomness in generation of DNS query IDs in c-ares5.9May 25, 2023
• CVE-2023-31130Buffer Underwrite in ares_inet_net_pton()4.1May 25, 2023
• CVE-2023-31124AutoTools does not set CARES_RANDOM_FILE during cross compilation3.7May 25, 2023
• CVE-2020-14354A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service...3.3May 13, 2021
• CVE-2017-1000381The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet w...7.5Jul 7, 2017
• CVE-2016-5180Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary cod...9.8Oct 3, 2016