High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-25	CVE-2023-32067	c-ares is an asynchronous resolver library. network low complexity c-ares-project fedoraproject debian	7.5
2023-03-06	CVE-2022-4904	Improper Validation of Specified Quantity in Input vulnerability in multiple products A flaw was found in the c-ares package. network low complexity c-ares-project redhat fedoraproject CWE-1284	8.6
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5
2017-07-07	CVE-2017-1000381	Information Exposure vulnerability in multiple products The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. network low complexity c-ares-project c-ares nodejs CWE-200	7.5