CVE-2025-31498
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-31498
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-31498.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-31498
- Aliases
-
- GHSA-6hxc-62jh-p29v
- Downstream
- Related
- Published
- 2025-04-08T14:15:35Z
- Modified
- 2025-09-19T15:25:49.963886Z
- Summary
- [none]
- Details
-
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers() when processanswer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
- References
-
- https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v
- https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1
- https://github.com/c-ares/c-ares/pull/821
- http://www.openwall.com/lists/oss-security/2025/04/08/3
- https://security.alpinelinux.org/vuln/CVE-2025-31498
Affected packages
Alpine:v3.21 / c-ares
Package
- Name
- c-ares
- Purl
- pkg:apk/alpine/c-ares?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.34.5-r0
Affected versions
1.*
1.6.0-r0
1.6.0-r1
1.7.0-r0
1.7.0-r1
1.7.3-r0
1.7.4-r0
1.7.4-r1
1.7.4-r2
1.7.5-r0
1.8.0-r0
1.9.0-r0
1.9.1-r0
1.10.0-r0
1.10.0-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.14.0-r0
1.15.0-r0
1.15.0-r1
1.16.0-r0
1.16.1-r0
1.17.1-r0
1.17.1-r1
1.17.2-r0
1.18.1-r0
1.18.1-r1
1.19.0-r0
1.19.0-r1
1.19.0-r2
1.19.0-r3
1.19.0-r4
1.19.1-r0
1.19.1-r1
1.20.1-r0
1.21.0-r0
1.22.0-r0
1.22.1-r0
1.23.0-r0
1.24.0-r0
1.25.0-r0
1.25.0-r1
1.26.0-r0
1.27.0-r0
1.28.1-r0
1.29.0-r0
1.31.0-r0
1.32.0-r0
1.32.1-r0
1.32.2-r0
1.32.3-r0
1.33.0-r0
1.33.1-r0
1.34.1-r0
1.34.2-r0
1.34.2-r1
1.34.2-r2
1.34.3-r0
1.34.4-r0
Alpine:v3.22 / c-ares
Package
- Name
- c-ares
- Purl
- pkg:apk/alpine/c-ares?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.34.5-r0
Affected versions
1.*
1.6.0-r0
1.6.0-r1
1.7.0-r0
1.7.0-r1
1.7.3-r0
1.7.4-r0
1.7.4-r1
1.7.4-r2
1.7.5-r0
1.8.0-r0
1.9.0-r0
1.9.1-r0
1.10.0-r0
1.10.0-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.14.0-r0
1.15.0-r0
1.15.0-r1
1.16.0-r0
1.16.1-r0
1.17.1-r0
1.17.1-r1
1.17.2-r0
1.18.1-r0
1.18.1-r1
1.19.0-r0
1.19.0-r1
1.19.0-r2
1.19.0-r3
1.19.0-r4
1.19.1-r0
1.19.1-r1
1.20.1-r0
1.21.0-r0
1.22.0-r0
1.22.1-r0
1.23.0-r0
1.24.0-r0
1.25.0-r0
1.25.0-r1
1.26.0-r0
1.27.0-r0
1.28.1-r0
1.29.0-r0
1.31.0-r0
1.32.0-r0
1.32.1-r0
1.32.2-r0
1.32.3-r0
1.33.0-r0
1.33.1-r0
1.34.1-r0
1.34.2-r0
1.34.2-r1
1.34.2-r2
1.34.3-r0
1.34.4-r0
Git / github.com/c-ares/c-ares
Affected ranges
- Type
- GIT
- Repo
- https://github.com/c-ares/c-ares
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
c-ares-1_17_0
c-ares-1_2_0
cares-1_10_0
cares-1_11_0
cares-1_11_0-rc1
cares-1_12_0
cares-1_13_0
cares-1_14_0
cares-1_15_0
cares-1_16_0
cares-1_16_1
cares-1_17_1
cares-1_17_2
cares-1_18_0
cares-1_18_1
cares-1_19_0
cares-1_19_1
cares-1_1_0
cares-1_20_0
cares-1_20_1
cares-1_21_0
cares-1_22_0
cares-1_22_1
cares-1_23_0
cares-1_24_0
cares-1_25_0
cares-1_26_0
cares-1_27_0
cares-1_28_0
cares-1_28_1
cares-1_29_0
cares-1_2_1
cares-1_3_1
cares-1_3_2
cares-1_4_0
cares-1_5_0
cares-1_5_1
cares-1_5_2
cares-1_5_3
cares-1_6_0
cares-1_7_0
cares-1_7_1
cares-1_7_2
cares-1_7_3
cares-1_7_4
cares-1_7_5
cares-1_8_0
cares-1_9_0
cares-1_9_1
curl-7_10_8
curl-7_11_0
curl-7_11_1
curl-7_12_0
curl-7_12_1
curl-7_12_2
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0
v1.*
v1.31.0
Database specific
{
"vanir_signatures": [
{
"target": {
"file": "test/ares-test-mock.cc"
},
"id": "CVE-2025-31498-10e838eb",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"224096307660494967075126981659390143777",
"316584492157852318219749752785772135285",
"177188122338034081861117701975235246164"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "test/ares-test-mock-ai.cc"
},
"id": "CVE-2025-31498-1334e8c8",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"1436877177975039831317575264470943359",
"25244448408673247709983251779887324208",
"165839986465120711819328927587544344453"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"function": "ares_cookie_validate",
"file": "src/lib/ares_cookie.c"
},
"id": "CVE-2025-31498-173a92f5",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"length": 1596.0,
"function_hash": "277082667692585280219983628762356093771"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"function": "ares_requeue_query",
"file": "src/lib/ares_process.c"
},
"id": "CVE-2025-31498-17ba0c80",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"length": 603.0,
"function_hash": "18771635613544251080931875494469252663"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"function": "process_answer",
"file": "src/lib/ares_process.c"
},
"id": "CVE-2025-31498-1b9ffd41",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"length": 1983.0,
"function_hash": "293054723865756648543835061220799475655"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "test/ares-test.h"
},
"id": "CVE-2025-31498-37c58779",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"129800446669305396353125348863213532396",
"133337700181123435897548631795856808564",
"124050909299892468328177482722688404591",
"335601395212345449869783866877642123011",
"54720973334533285614974118956384449484",
"111114416968913494429234526486030458351",
"142316505317293017866819687817769267486",
"262446851771682951975641306849164492375",
"160945677333895107378488500375611999928",
"281280963387405444455464238860412751237",
"260988261153491650533887113586247916127"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "test/ares-test.cc"
},
"id": "CVE-2025-31498-4f83ef33",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"107205191558033868904685146430534542602",
"192405814576967836447266367247083511556",
"144829440890748784227155338415792564638",
"200220810391957392138176634571412893010",
"139812142654765994478376356705997042850",
"238118838251520367774138271950320456809",
"172948854986953110597611845649204823756",
"87742821237674622111044296616603525331",
"229479623218737897591266531788246853789",
"250381265578769223601026673477449317648",
"55190894654770705352908767624312191990",
"318616554860955525151660536037217943369",
"29492047711532598517622481369570423537",
"89586250455391140400518481121627306486",
"194433563538414971795354522916816980627",
"77211955589150245120183923072265221229",
"117225085537565695717668930855374105055",
"260983701532178311236226266666878275080"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "src/lib/ares_private.h"
},
"id": "CVE-2025-31498-5957a825",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"187058135902009178929862348476058742980",
"245941981654646948149590721303157000135",
"245182285910126972150042746186850492575",
"326244556697874912369195306857419053871",
"171456524266844580739256308657721862019",
"333604494170303888960569548365480873453",
"299689159274684892827765317877429747589",
"227181741779183082274950146883974112961"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"function": "ares_requeue_queries",
"file": "src/lib/ares_close_sockets.c"
},
"id": "CVE-2025-31498-675880b4",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"length": 228.0,
"function_hash": "132830207916155997949474725274660738488"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"function": "ares_send_query",
"file": "src/lib/ares_process.c"
},
"id": "CVE-2025-31498-6a0996be",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"length": 2170.0,
"function_hash": "215646807030433524841682932203729356886"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "src/lib/ares_close_sockets.c"
},
"id": "CVE-2025-31498-6c4518c1",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"147224075748341956842513828929654022900",
"165912276056610917785774428034396811371",
"17209859502660168368103672068837650244",
"25012326463725282642563666136638665329"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"function": "process_timeouts",
"file": "src/lib/ares_process.c"
},
"id": "CVE-2025-31498-92116ec6",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"length": 563.0,
"function_hash": "225933359929634977815033740725116604003"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "src/lib/ares_cookie.c"
},
"id": "CVE-2025-31498-a217f5e5",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"106144976454050888726725492795058160532",
"53901478993898342165207035837316994069",
"68829693763913987146331637967851092138",
"140775828438196271236160185783592568970",
"78366099080107361694475831042925704179",
"59156940379917532358376598060648725058",
"29709386716781310974778296818419394069",
"139815746207235485643310553775089207933"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"function": "read_answers",
"file": "src/lib/ares_process.c"
},
"id": "CVE-2025-31498-c6588e5e",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"length": 788.0,
"function_hash": "102060083733474387777430797225488753394"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "src/lib/ares_process.c"
},
"id": "CVE-2025-31498-cca3c6f7",
"source": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1",
"digest": {
"line_hashes": [
"315291085617700883395605537883620608156",
"172802194483309429388214046291459807438",
"309996518509638432750433984846996215618",
"75108550685117055466400597756469428795",
"68654753038465326179582426660289463489",
"77395952406493187343057186277961150343",
"213051138191345144583947327118690269893",
"40871608050147331740983530283105157994",
"255823254558803452176228199920204716850",
"236938200095594072376444335660335462568",
"299519038163936793750430686785890298501",
"327341705871646555403489421887085496785",
"53792075913498540895317611702484483955",
"94313362882267524752818932597626408589",
"225867180612201611405613966374790115080",
"84936667880181104973119588342212967461",
"158665621001012360259782554048652218337",
"284077076186663484171672579045388849758",
"110767779020604511195210845059668315729",
"98050878731725423039320045957692635018",
"74218033779163308830325465699762259613",
"42792152515380832268060793751981449916",
"130971708648986851007219816160380323571",
"100612493504936331488706362266335162857",
"15842644341993068743514841835326153746",
"74267085403329902478453798846807265106",
"52413677239787837999124467928079739491",
"79819200229582398185156536354175990372",
"22052889034201848537582880163264683202",
"245803953167198951561155929985115727278",
"267952645240888199502265473518180246449",
"215317797266952336900623110669039279889",
"117280856697870069818648961972203711437",
"8441757077535614342946100974143814479",
"157723923250526173497583066057515374328",
"235955871052712682336329693693433005465",
"166276716208657157621418098072228057180",
"26141004603665036618917402501831236173",
"306655919475126359593804039851182236550",
"318352562605495613666715756232549225143",
"84057522473360322399587836936314943361",
"28412573489438448501382199703739007683",
"18157851637855096343845393485517778025",
"335072295309707535252769929248448962230",
"83281187511730811924360248841733415447",
"182471717468603559176544108082151833492",
"135647632860325845773649912527080946069",
"62658997109764444464029016782810249327",
"271541558417362765644181697481899323815",
"240162191390039182925159753340197405530",
"663048447165364657213996370440716041",
"29581071380887587840482801390297538846",
"15229101147031815492578261796439560515",
"63139542161007946904149139354303968749",
"155448010144867206139892042569088876227",
"332041784196193397743373377949884151320",
"130113849291935523070806830824851518735",
"74933017218631728669202294501367256875",
"317599666043773408679196094952694855119",
"232689568451221785761049811966613448280",
"167449145112554680484889206704787271588",
"338059010784624819362196783495160511747",
"193010041120239431686003661429351125102",
"54775741383001862236849093519580403109",
"295729677072171189918312037597353076857",
"264455831370851252222758944796510045382",
"201042158407601874256460560029869124072",
"178961743804939130026820147039156666957",
"234442061004562892109142447300307582554",
"194272356314329528492957139787565219942",
"143702413940329772963506001426179460861"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
}
]
}