CVE-2025-48945

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-48945
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48945.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-48945
Published
2025-06-20T20:15:33Z
Modified
2025-07-01T16:32:53.585396Z
Summary
[none]
Details

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.

Affected packages

Debian:11 / pycares

Package

Name
pycares
Purl
pkg:deb/debian/pycares?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.1-1

4.*

4.1.2-1
4.1.2-2
4.3.0-1
4.3.0-2
4.4.0-1
4.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pycares

Package

Name
pycares
Purl
pkg:deb/debian/pycares?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.0-2
4.4.0-1
4.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pycares

Package

Name
pycares
Purl
pkg:deb/debian/pycares?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.0-2
4.4.0-1
4.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/aio-libs/aiodns

Affected ranges

Type
GIT
Repo
https://github.com/aio-libs/aiodns
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Type
GIT
Repo
https://github.com/saghul/pycares
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

aiodns-0.*

aiodns-0.1.0
aiodns-0.2.0
aiodns-0.3.0
aiodns-0.3.1
aiodns-0.3.2

aiodns-1.*

aiodns-1.0.0
aiodns-1.0.1
aiodns-1.1.1
aiodns-1.2.0

aiodns-2.*

aiodns-2.0.0
aiodns-2.0.0b0
aiodns-2.0.0b1
aiodns-2.0.0b2

aiodns-3.*

aiodns-3.0.0

pycares-0.*

pycares-0.6.0
pycares-0.6.1
pycares-0.6.2
pycares-0.6.3
pycares-0.7.0

pycares-1.*

pycares-1.0.0

pycares-2.*

pycares-2.0.0
pycares-2.0.1
pycares-2.1.0
pycares-2.1.1
pycares-2.2.0
pycares-2.3.0
pycares-2.4.0

pycares-3.*

pycares-3.0.0
pycares-3.0.0b0
pycares-3.0.0b1
pycares-3.0.0b2
pycares-3.0.0b3
pycares-3.0.0b4
pycares-3.0.0b5
pycares-3.1.0
pycares-3.1.0-fix1
pycares-3.1.0-fix2
pycares-3.1.0-fix3
pycares-3.1.1
pycares-3.2.0
pycares-3.2.1
pycares-3.2.2
pycares-3.2.3

pycares-4.*

pycares-4.0.0
pycares-4.1.0
pycares-4.1.1
pycares-4.1.2
pycares-4.2.0
pycares-4.2.1
pycares-4.2.2
pycares-4.3.0

release-0.*

release-0.1.0
release-0.2.0
release-0.3.0
release-0.4.0
release-0.5.0

v3.*

v3.1.0
v3.1.1
v3.2.0
v3.3.0
v3.4.0

v4.*

v4.4.0
v4.5.0
v4.6.0
v4.6.1
v4.7.0
v4.8.0