c-ares project

Top products

The 9 most recently published vulnerabilities affecting c-ares project.

• CVE-2023-320670-byte UDP payload DoS in c-ares7.5May 25, 2023
• CVE-2023-31147Insufficient randomness in generation of DNS query IDs in c-ares5.9May 25, 2023
• CVE-2023-31130Buffer Underwrite in ares_inet_net_pton()4.1May 25, 2023
• CVE-2023-31124AutoTools does not set CARES_RANDOM_FILE during cross compilation3.7May 25, 2023
• CVE-2022-4904A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause...8.6Mar 6, 2023
• CVE-2021-3672A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to ...5.6Nov 23, 2021
• CVE-2020-8277A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the app...7.5Nov 19, 2020
• CVE-2017-1000381The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet w...7.5Jul 7, 2017
• CVE-2016-5180Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary cod...9.8Oct 3, 2016