关键漏洞信息 CVE ID: CVE-2025-31498 CVSS v4 Severity: High (8.3/10) Affected Versions: 1.32.3 - 1.34.4 Patched Version: 1.34.5 Weakness: CWE-416 (Use After Free) Description Impact: Use after free in when may re-enqueue a query under certain conditions, potentially leading to system instability or remote attacks. Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Attack Requirements: None - Privileges Required: None - User Interaction: None Vulnerable System Impact Metrics: - Confidentiality: Low - Integrity: Low - Availability: High Subsequent System Impact Metrics: - Confidentiality: None - Integrity: None - Availability: None Patches Versions 1.32.3 - 1.34.4 are affected. Patched in version 1.34.5. Workarounds None provided. References c-ares started handling UDP write failures in 1.32.3 in PR #821. Credits Reported by Erik Lax (@eriklax).