CVE-2025-31498

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-31498
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-31498.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-31498
Aliases
  • GHSA-6hxc-62jh-p29v
Downstream
Related
Published
2025-04-08T14:15:35Z
Modified
2025-09-19T15:25:49.963886Z
Summary
[none]
Details

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions; this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.

References

Affected packages

Alpine:v3.21 / c-ares

Package

Name
c-ares
Purl
pkg:apk/alpine/c-ares?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.34.5-r0

Affected versions

1.*

1.6.0-r0
1.6.0-r1
1.7.0-r0
1.7.0-r1
1.7.3-r0
1.7.4-r0
1.7.4-r1
1.7.4-r2
1.7.5-r0
1.8.0-r0
1.9.0-r0
1.9.1-r0
1.10.0-r0
1.10.0-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.14.0-r0
1.15.0-r0
1.15.0-r1
1.16.0-r0
1.16.1-r0
1.17.1-r0
1.17.1-r1
1.17.2-r0
1.18.1-r0
1.18.1-r1
1.19.0-r0
1.19.0-r1
1.19.0-r2
1.19.0-r3
1.19.0-r4
1.19.1-r0
1.19.1-r1
1.20.1-r0
1.21.0-r0
1.22.0-r0
1.22.1-r0
1.23.0-r0
1.24.0-r0
1.25.0-r0
1.25.0-r1
1.26.0-r0
1.27.0-r0
1.28.1-r0
1.29.0-r0
1.31.0-r0
1.32.0-r0
1.32.1-r0
1.32.2-r0
1.32.3-r0
1.33.0-r0
1.33.1-r0
1.34.1-r0
1.34.2-r0
1.34.2-r1
1.34.2-r2
1.34.3-r0
1.34.4-r0

Alpine:v3.22 / c-ares

Package

Name
c-ares
Purl
pkg:apk/alpine/c-ares?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.34.5-r0

Affected versions

1.*

1.6.0-r0
1.6.0-r1
1.7.0-r0
1.7.0-r1
1.7.3-r0
1.7.4-r0
1.7.4-r1
1.7.4-r2
1.7.5-r0
1.8.0-r0
1.9.0-r0
1.9.1-r0
1.10.0-r0
1.10.0-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.14.0-r0
1.15.0-r0
1.15.0-r1
1.16.0-r0
1.16.1-r0
1.17.1-r0
1.17.1-r1
1.17.2-r0
1.18.1-r0
1.18.1-r1
1.19.0-r0
1.19.0-r1
1.19.0-r2
1.19.0-r3
1.19.0-r4
1.19.1-r0
1.19.1-r1
1.20.1-r0
1.21.0-r0
1.22.0-r0
1.22.1-r0
1.23.0-r0
1.24.0-r0
1.25.0-r0
1.25.0-r1
1.26.0-r0
1.27.0-r0
1.28.1-r0
1.29.0-r0
1.31.0-r0
1.32.0-r0
1.32.1-r0
1.32.2-r0
1.32.3-r0
1.33.0-r0
1.33.1-r0
1.34.1-r0
1.34.2-r0
1.34.2-r1
1.34.2-r2
1.34.3-r0
1.34.4-r0

Git / github.com/c-ares/c-ares

Affected ranges

Type
GIT
Repo
https://github.com/c-ares/c-ares
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

c-ares-1_17_0
c-ares-1_2_0
cares-1_10_0
cares-1_11_0
cares-1_11_0-rc1
cares-1_12_0
cares-1_13_0
cares-1_14_0
cares-1_15_0
cares-1_16_0
cares-1_16_1
cares-1_17_1
cares-1_17_2
cares-1_18_0
cares-1_18_1
cares-1_19_0
cares-1_19_1
cares-1_1_0
cares-1_20_0
cares-1_20_1
cares-1_21_0
cares-1_22_0
cares-1_22_1
cares-1_23_0
cares-1_24_0
cares-1_25_0
cares-1_26_0
cares-1_27_0
cares-1_28_0
cares-1_28_1
cares-1_29_0
cares-1_2_1
cares-1_3_1
cares-1_3_2
cares-1_4_0
cares-1_5_0
cares-1_5_1
cares-1_5_2
cares-1_5_3
cares-1_6_0
cares-1_7_0
cares-1_7_1
cares-1_7_2
cares-1_7_3
cares-1_7_4
cares-1_7_5
cares-1_8_0
cares-1_9_0
cares-1_9_1
curl-7_10_8
curl-7_11_0
curl-7_11_1
curl-7_12_0
curl-7_12_1
curl-7_12_2
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0

v1.*

v1.31.0

Database specific
