Vulnerabilities > C Ares Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-25 | CVE-2023-32067 | c-ares is an asynchronous resolver library. | 7.5 |
2023-05-25 | CVE-2023-31124 | c-ares is an asynchronous resolver library. | 3.7 |
2023-05-25 | CVE-2023-31130 | Out-of-bounds Write vulnerability in multiple products c-ares is an asynchronous resolver library. | 6.4 |
2023-05-25 | CVE-2023-31147 | c-ares is an asynchronous resolver library. | 6.5 |
2023-03-06 | CVE-2022-4904 | Improper Validation of Specified Quantity in Input vulnerability in multiple products A flaw was found in the c-ares package. | 8.6 |
2021-11-23 | CVE-2021-3672 | Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. | 5.6 |
2020-11-19 | CVE-2020-8277 | Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. | 7.5 |
2017-07-07 | CVE-2017-1000381 | Information Exposure vulnerability in multiple products The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | 7.5 |
2016-10-03 | CVE-2016-5180 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | 9.8 |