C Ares C Aresproject C Ares

Do you want an email whenever new security vulnerabilities are reported in C Aresproject C Ares?

By the Year

In 2022 there have been 0 vulnerabilities in C Aresproject C Ares . Last year C Ares had 2 security vulnerabilities published. Right now, C Ares is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 2 4.45
2020 1 7.50
2019 0 0.00
2018 0 0.00

It may take a day or so for new C Ares vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent C Aresproject C Ares Security Vulnerabilities

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 5.6 - Medium - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing

CVE-2020-14354 3.3 - Low - May 13, 2021

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

Dangling pointer

A Node.js application

CVE-2020-8277 7.5 - High - November 19, 2020

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

Resource Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Retail Xstore Point Of Service or by C Aresproject? Click the Watch button to subscribe.

subscribe