FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

c-ares -- Use After Free

Affected packages
1.32.3 <= c-ares < 1.34.6

Details

VuXML ID 1adf9ece-d4a3-11f0-83a2-843a4b343614
Discovery 2025-12-08
Entry 2025-12-09

https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports:

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

[source]

References

CVE Name CVE-2025-62408
URL https://cveawg.mitre.org/api/cve/CVE-2025-62408

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.