CVE-2025-31498 — Use After Free in C-ares

CWE-416 — Use After Free7 documents7 sources

Severity

8.3HIGHNVD

EPSS

0.6%

top 29.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

C-ares

Timeline

PublishedApr 8

Latest updateMay 5

Description

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the …

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶Debianc-ares/c-ares< 1.34.5-1+1

▶CVEListV5c-ares/c-ares>= 1.32.3, < 1.34.5

🔴Vulnerability Details

CVEList

c-ares has a use-after-free in read_answers()↗2025-04-08

▶

OSV

CVE-2025-31498: c-ares is an asynchronous resolver library↗2025-04-08

▶

📋Vendor Advisories

Ubuntu

c-ares vulnerability↗2025-05-05

▶

Microsoft

c-ares has a use-after-free in read_answers()↗2025-04-08

▶

Red Hat

c-ares: c-ares has a use-after-free in read_answers()↗2025-04-08

▶

Debian

CVE-2025-31498: c-ares - c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is...↗2025

▶