CVE-2025-62408

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-62408
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-62408.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-62408
Aliases
  • GHSA-jq53-42q6-pqr5
Downstream
Published
2025-12-08T22:04:08.565Z
Modified
2025-12-11T11:12:03.293593Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
c-ares has a Use After Free vulnerability when connection is cleaned up after error
Details

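c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answers() and process_answer(), which can cause a Denial of Service. The summary and the CWE-416 classification identify the underlying defect as a use after free when the connection is cleaned up after an error. This issue is fixed in version 1.34.6.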

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62408.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-416"
    ]
}
References

Affected packages

Git / github.com/c-ares/c-ares

Affected ranges

Type
GIT
Repo
https://github.com/c-ares/c-ares
Events
Introduced
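0 Unknown introduced commit / All previous commits are affected (this record has no introduced commit and an empty Fixed event, so the Git range and the version list below over-approximate; the Details section limits the affected releases to 1.32.3 through 1.34.5, fixed in 1.34.6)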
Fixed

Affected versions

Other

c-ares-1_17_0
c-ares-1_2_0
cares-1_10_0
cares-1_11_0
cares-1_11_0-rc1
cares-1_12_0
cares-1_13_0
cares-1_14_0
cares-1_15_0
cares-1_16_0
cares-1_16_1
cares-1_17_1
cares-1_17_2
cares-1_18_0
cares-1_18_1
cares-1_19_0
cares-1_19_1
cares-1_1_0
cares-1_20_0
cares-1_20_1
cares-1_21_0
cares-1_22_0
cares-1_22_1
cares-1_23_0
cares-1_24_0
cares-1_25_0
cares-1_26_0
cares-1_27_0
cares-1_28_0
cares-1_28_1
cares-1_29_0
cares-1_2_1
cares-1_3_1
cares-1_3_2
cares-1_4_0
cares-1_5_0
cares-1_5_1
cares-1_5_2
cares-1_5_3
cares-1_6_0
cares-1_7_0
cares-1_7_1
cares-1_7_2
cares-1_7_3
cares-1_7_4
cares-1_7_5
cares-1_8_0
cares-1_9_0
cares-1_9_1
curl-7_10_8
curl-7_11_0
curl-7_11_1
curl-7_12_0
curl-7_12_1
curl-7_12_2
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0

v1.*

v1.31.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "321353661002527215330537304666834019598",
                "338733521522946929886267268142032897819",
                "35931913657329677570036039003862980063",
                "279554075692586514714571222882424182570",
                "44138349121783764043770990687525280856",
                "142953345571818308170486602160084980360",
                "64734333590780377133059774462260609112",
                "315868931149603495006116521463376022555",
                "194973418508358492318808764415205600715",
                "147913621690044901909860868715203384952",
                "174269150175544809654969529626159848436",
                "46046625963720220997434175728105643901",
                "54886642256442765503163671629678664439",
                "326932436573806649005481701776102446472",
                "318268854568176352631743158011990074465",
                "22032982411113173256185171368117627267",
                "102738743674034987537396287113170371368",
                "93647186377967054666155420304449482641",
                "154428526250190328342840750551474624029",
                "225859981689174537939321741360995955666",
                "213051138191345144583947327118690269893",
                "40871608050147331740983530283105157994",
                "286907702548733324905794889341647477975",
                "123429550496047084410860952146822287545",
                "325591929130798657150194545498480421552",
                "153668669455169815959836594996922734207",
                "157571494097026509353911556959781940803",
                "51792660026257283803548948088841166463",
                "165704659640617664925557929819882716916",
                "201396103441969713538297032218365471339",
                "222100338102444369287457738795606490185",
                "39860281595491405785239875311645322025",
                "334107973322096743195279020755896009948",
                "101427953733361895251516126464298319845",
                "314667591071445512304918881728591608351",
                "258764964551325821739090831204602661746",
                "283945796097246862617191856919244107191",
                "285212904808204911565729393171695016465",
                "201364500313068595333596374428119625077",
                "88980774756854926025765374543763335017",
                "70388790260476612180883450193781588884",
                "320410001368501204643645345838705405284",
                "125041279344780341596633711463578228443",
                "165915444102479254060299727555930864045",
                "254908823428964021809334092454229161659",
                "203169019754773799772300807459681511623",
                "134184091854227466321272097637618194760",
                "173697901047457224707399743936413230022",
                "34442170438810038649784564714065368960",
                "163089334224951501819161956104032555047",
                "73350440970196216025666123327725242197",
                "112424347947939971039919408319462692198",
                "96772710852124765446129638781719204830",
                "316292661205644326953853328341566129929",
                "105892896898028674882805685115637856256",
                "313724406726779605207301106081408019723",
                "151909669366584638800221972703969496468",
                "77662162652926853331559417663526449067",
                "322968224656051207646448114774590790475",
                "104732886621111072595206829035368571502",
                "19323911716292440162903028981367940580",
                "130582707141414124391380256384665301269",
                "332041784196193397743373377949884151320",
                "191233329754336968252918520906345757486",
                "256260119936516899805442707233645023309",
                "123027454279003714438083461577185766936",
                "166637308625150696171295421549075339546",
                "56363575504559482835722409084098808784",
                "119841577641427459183935827007419781808",
                "75790017760447395092088942131525200371",
                "293353586354988880214721239306562453477",
                "224982545775398779944994227361503387623",
                "260439557273703625077640953463655959005",
                "195674325604354575479744748588956294320",
                "285023250066976911657995325384492949563",
                "183505919317925440314005255738092132939",
                "16591878045757588940288419012114391609",
                "60983750018016384264413072111942864760",
                "166791808113458468982864816922000193264",
                "185695736019309129196787339420822142062",
                "170428588534870848892988579546770354978",
                "243156493494166778728945321764998785720",
                "111709855595323211300939975178185933987",
                "211413530065965371604281831827808745610",
                "23691883215609824952438811560248502643",
                "8886483890717337735639069156365116742",
                "170815630844208943221988900330954246353",
                "129530409864143985036562041346727961090",
                "254345329507787606922293513089981801391",
                "311119978075112929992058644537389220269",
                "321681711585989924833390903943779891298",
                "337355159624741773834404644704939652266",
                "74557585981651180936001100711559649885",
                "253819519466629136544469001025231395021",
                "43586281874293323935987158151965211673",
                "67974630603145024873128536139283695033",
                "201342260967018129252057606387395425234"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-62408-06c1f220",
        "target": {
            "file": "src/lib/ares_process.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "232843347116034017976299380972893964834",
                "25244448408673247709983251779887324208",
                "165839986465120711819328927587544344453"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-62408-130f642c",
        "target": {
            "file": "test/ares-test-mock-ai.cc"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 167.0,
            "function_hash": "31221661776046290913845235215517740248"
        },
        "id": "CVE-2025-62408-1a4f8837",
        "target": {
            "function": "ares_qcache_insert",
            "file": "src/lib/ares_qcache.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "322968224656051207646448114774590790475",
                "267799293876905722087522829026237176266",
                "252062132439830111907284736301478344731",
                "282776626571512393247174698416458356706",
                "112754619014925978054877855299013113054",
                "7751763202908178479774762449248427884",
                "168352541986649880103287888457664206748",
                "286594091080705667686360368812524211604",
                "221418708574863098272325862388731444431",
                "249969599340580904426450324154258120279",
                "1601115358610887819012007260169139881"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-62408-1adb627c",
        "target": {
            "file": "src/lib/ares_private.h"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 2285.0,
            "function_hash": "192312319984982821475486704651759299212"
        },
        "id": "CVE-2025-62408-2bdcbf92",
        "target": {
            "function": "ares_send_query",
            "file": "src/lib/ares_process.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 321.0,
            "function_hash": "4448006303752778523717403059681856866"
        },
        "id": "CVE-2025-62408-4a699ca1",
        "target": {
            "function": "ares_append_requeue",
            "file": "src/lib/ares_process.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 689.0,
            "function_hash": "287849626747516255940313657837363928176"
        },
        "id": "CVE-2025-62408-5e8c7f81",
        "target": {
            "function": "ares_requeue_query",
            "file": "src/lib/ares_process.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "138111743412723773545745323013555099373",
                "295915625217762935636130924235073203781",
                "288937827620408396147681220376772539037",
                "95682912037725098495747849501625758509",
                "39435327564983152816916694132100844466",
                "118676410084680952779436958248209475886",
                "186751221792494322315480836892894969890"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-62408-8efe7184",
        "target": {
            "file": "src/lib/ares_qcache.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1201.0,
            "function_hash": "208346073036447127962968547295944622082"
        },
        "id": "CVE-2025-62408-961971cd",
        "target": {
            "function": "read_answers",
            "file": "src/lib/ares_process.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 334.0,
            "function_hash": "33553648673912960252312427022107918675"
        },
        "id": "CVE-2025-62408-9cebb51c",
        "target": {
            "function": "end_query",
            "file": "src/lib/ares_process.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 2023.0,
            "function_hash": "318241958047025001751219647909978593444"
        },
        "id": "CVE-2025-62408-f90565e0",
        "target": {
            "function": "process_answer",
            "file": "src/lib/ares_process.c"
        },
        "source": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618"
    }
]