Browse all 7 CVE security advisories affecting c-ares. AI-powered Chinese analysis, POCs, and references for each vulnerability.
c-ares is a C library for asynchronous DNS requests, widely used in applications requiring non-blocking DNS resolution. Historically, vulnerabilities have included remote code execution, buffer overflows, and denial-of-service flaws, often stemming from improper input validation or memory handling. Security characteristics show a pattern of issues in parsing DNS responses and handling crafted packets. While no major public incidents have been documented, the 7 CVEs highlight ongoing risks in memory management and parsing logic. Developers should ensure proper input sanitization and keep implementations updated to mitigate potential exploitation through malformed DNS responses or network attacks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62408 | c-ares has a Use After Free vulnerability when connection is cleaned up after error | c-ares | CWE-416 | 5.9 | Medium | 2025-12-08 |
| CVE-2025-31498 | c-ares has a use-after-free in read_answers() | c-ares | CWE-416 | 7.5 (AI) | High (AI) | 2025-04-08 |
| CVE-2024-25629 | c-ares out of bounds read in ares__read_line() | c-ares | CWE-127 | 4.4 | Medium | 2024-02-23 |
| CVE-2023-32067 | 0-byte UDP payload DoS in c-ares | c-ares | CWE-400 | 7.5 | High | 2023-05-25 |
| CVE-2023-31147 | Insufficient randomness in generation of DNS query IDs in c-ares | c-ares | CWE-330 | 5.9 | Medium | 2023-05-25 |
| CVE-2023-31130 | Buffer Underwrite in ares_inet_net_pton() | c-ares | CWE-124 | 4.1 | Medium | 2023-05-25 |
| CVE-2023-31124 | AutoTools does not set CARES_RANDOM_FILE during cross compilation | c-ares | CWE-330 | 3.7 | Low | 2023-05-25 |
This page lists every published CVE security advisory associated with c-ares. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.