Vulnerabilities > C Ares Project

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-25	CVE-2023-32067	c-ares is an asynchronous resolver library. network low complexity c-ares-project fedoraproject debian	7.5
2023-05-25	CVE-2023-31124	Use of Insufficiently Random Values vulnerability in multiple products c-ares is an asynchronous resolver library. network high complexity c-ares-project fedoraproject CWE-330	3.7
2023-05-25	CVE-2023-31130	Out-of-bounds Write vulnerability in multiple products c-ares is an asynchronous resolver library. local high complexity c-ares-project fedoraproject debian CWE-787	6.4
2023-05-25	CVE-2023-31147	Use of Insufficiently Random Values vulnerability in multiple products c-ares is an asynchronous resolver library. network low complexity c-ares-project fedoraproject CWE-330	6.5
2023-03-06	CVE-2022-4904	Improper Validation of Specified Quantity in Input vulnerability in multiple products A flaw was found in the c-ares package. network low complexity c-ares-project redhat fedoraproject CWE-1284	8.6
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5
2017-07-07	CVE-2017-1000381	Information Exposure vulnerability in multiple products The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. network low complexity c-ares-project c-ares nodejs CWE-200	7.5
2016-10-03	CVE-2016-5180	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. network low complexity c-ares-project c-ares debian nodejs canonical CWE-787 critical	9.8

Vulnerabilities > C Ares Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"C Ares Project"}]}

Vulnerabilities > C Ares Project