Vulnerabilities > C Ares Project

DATE CVE VULNERABILITY TITLE RISK
2023-05-25 CVE-2023-32067 c-ares is an asynchronous resolver library.
network
low complexity
c-ares-project fedoraproject debian
7.5
2023-05-25 CVE-2023-31124 c-ares is an asynchronous resolver library.
network
high complexity
c-ares-project fedoraproject
3.7
2023-05-25 CVE-2023-31130 Out-of-bounds Write vulnerability in multiple products
c-ares is an asynchronous resolver library.
local
high complexity
c-ares-project fedoraproject debian CWE-787
6.4
2023-05-25 CVE-2023-31147 c-ares is an asynchronous resolver library.
network
low complexity
c-ares-project fedoraproject
6.5
2023-03-06 CVE-2022-4904 Improper Validation of Specified Quantity in Input vulnerability in multiple products
A flaw was found in the c-ares package.
network
low complexity
c-ares-project redhat fedoraproject CWE-1284
8.6
2021-11-23 CVE-2021-3672 Cross-site Scripting vulnerability in multiple products
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking.
5.6
2020-11-19 CVE-2020-8277 Resource Exhaustion vulnerability in multiple products
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses.
7.5
2017-07-07 CVE-2017-1000381 Information Exposure vulnerability in multiple products
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
network
low complexity
c-ares-project c-ares nodejs CWE-200
7.5
2016-10-03 CVE-2016-5180 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
network
low complexity
c-ares-project c-ares debian nodejs canonical CWE-787
critical
9.8