C Aresproject C Ares
By the Year
In 2021 there have been 1 vulnerability in C Aresproject C Ares with an average score of 3.3 out of ten. Last year C Ares had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in C Ares in 2021 could surpass last years number. Last year, the average CVE base score was greater by 4.20
It may take a day or so for new C Ares vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent C Aresproject C Ares Security Vulnerabilities
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing
3.3 - Low
- May 13, 2021
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
A Node.js application
7.5 - High
- November 19, 2020
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.