CVE-2020-14354

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-14354

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14354.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-14354

Downstream

DEBIAN-CVE-2020-14354

Published

2021-05-13T14:15:17.503Z

Modified

2025-11-14T10:43:45.797761Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A possible use-after-free and double-free in c-ares lib version 1.16.0 if aresdestroy() is called prior to aresgetaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

References

Affected packages

Git / github.com/c-ares/c-ares

Affected ranges

Type: GIT
Repo: https://github.com/c-ares/c-ares
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1cc7e83c3bdfaafbc5919c95025592d8de3a170e

Affected versions

Other

c-ares-1_2_0

cares-1_10_0

cares-1_11_0

cares-1_11_0-rc1

cares-1_12_0

cares-1_13_0

cares-1_14_0

cares-1_15_0

cares-1_16_0

cares-1_1_0

cares-1_2_1

cares-1_3_1

cares-1_3_2

cares-1_4_0

cares-1_5_0

cares-1_5_1

cares-1_5_2

cares-1_5_3

cares-1_6_0

cares-1_7_0

cares-1_7_1

cares-1_7_2

cares-1_7_3

cares-1_7_4

cares-1_7_5

cares-1_8_0

cares-1_9_0

cares-1_9_1

curl-7_10_8

curl-7_11_0

curl-7_11_1

curl-7_12_0

curl-7_12_1

curl-7_12_2

curl-7_13_0

curl-7_13_1

curl-7_13_2

curl-7_14_0

curl-7_14_1

curl-7_15_0

curl-7_15_1

curl-7_15_3

curl-7_15_4

curl-7_15_5

curl-7_15_6-prepipeline

curl-7_16_0

curl-7_16_1

curl-7_16_2

curl-7_16_3

curl-7_16_4

curl-7_17_0

curl-7_17_1

curl-7_18_0

curl-7_18_1

curl-7_18_2

curl-7_19_0

curl-7_19_2

curl-7_19_3

curl-7_19_4

curl-7_19_5

curl-7_19_6

curl-7_19_7

curl-7_20_0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14354.json"

vanir_signatures

[
    {
        "source": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e",
        "id": "CVE-2020-14354-0943984d",
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "ares_getaddrinfo.c",
            "function": "host_callback"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "41641729463172895225490036612231902270",
            "length": 625.0
        }
    },
    {
        "source": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e",
        "id": "CVE-2020-14354-61d1432b",
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "ares_getaddrinfo.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "188514934666865950876588083814903200380",
                "216654447602516332471211556636820849519",
                "280935007277571070082878613853237796717",
                "123115424187489169459219809240179726727"
            ],
            "threshold": 0.9
        }
    }
]