CNNVD-202512-865 Information

CNNVD ID

CNNVD-202512-865

Related CVE

CVE-2025-62408

• CNNVD Published: 2025-12-08

Description (Chinese)

c-ares是c-ares个人开发者的一个用于异步 DNS 请求的 C 库。 c-ares 1.32.3版本至1.34.5版本存在资源管理错误漏洞，该漏洞源于read_answer和process_answer函数在最大尝试次数后终止查询，可能导致拒绝服务。

Description (English)

c-ares is a C library used by the c-ares personal developers for altruistic DNS requests. C-ares 1.3.2.3 to 1.34.5 contain a resource management error loophole, which stems from the fact that the search is terminated after the maximum number of attempts and may result in the denial of service.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

个人开发者

Published

2025-12-08

Last Modified

2026-02-24

References

https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618 https://vigilance.fr/vulnerability/c-ares-denial-of-service-via-Maximum-Attempts-49075

Patch

https://c-ares.org/#download