C Ares C Aresproject C Ares

Do you want an email whenever new security vulnerabilities are reported in C Aresproject C Ares?

By the Year

In 2021 there have been 1 vulnerability in C Aresproject C Ares with an average score of 3.3 out of ten. Last year C Ares had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in C Ares in 2021 could surpass last years number. Last year, the average CVE base score was greater by 4.20

Year Vulnerabilities Average Score
2021 1 3.30
2020 1 7.50
2019 0 0.00
2018 0 0.00

It may take a day or so for new C Ares vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent C Aresproject C Ares Security Vulnerabilities

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing

CVE-2020-14354 3.3 - Low - May 13, 2021

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

Dangling pointer

A Node.js application

CVE-2020-8277 7.5 - High - November 19, 2020

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

Resource Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for C Aresproject C Ares or by C Aresproject? Click the Watch button to subscribe.

subscribe