CVE-2025-31498

EPSS 0.12%
Published 08.04.2025 13:53:11
Last modified 08.04.2025 18:13:53
Source security-advisories@github.com
Teams watchlist Login
Open Login

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Vendorc-ares

≫

Product c-ares

Version >= 1.32.3, < 1.34.5

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.323

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security-advisories@github.com	8.3	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v

https://github.com/c-ares/c-ares/pull/821

https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1

http://www.openwall.com/lists/oss-security/2025/04/08/3

https://nvd.nist.gov/vuln/detail/CVE-2025-31498

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-31498

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-31498

EUVD