CVE-2025-48945

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48945

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48945.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-48945

Downstream

UBUNTU-CVE-2025-48945

Related

GHSA-5qpg-rh4j-qp35

Published

2025-06-20T20:15:33Z

Modified

2025-07-01T16:32:53.585396Z

Summary

[none]

Details

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.

References

Affected packages

Debian:11 / pycares

Package

Name: pycares
Purl: pkg:deb/debian/pycares?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.1-1

4.*

4.1.2-1

4.1.2-2

4.3.0-1

4.3.0-2

4.4.0-1

4.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pycares

Package

Name: pycares
Purl: pkg:deb/debian/pycares?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.0-2

4.4.0-1

4.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pycares

Package

Name: pycares
Purl: pkg:deb/debian/pycares?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.0-2

4.4.0-1

4.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/aio-libs/aiodns

Affected ranges

Type: GIT
Repo: https://github.com/aio-libs/aiodns
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

83533f4d17dd769a5bc0fce6e4c7610b6abde85e

Fixed

f259a6e3650555157af53ac2b39f2ff545321d55

Type: GIT
Repo: https://github.com/saghul/pycares
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4c761b47fd5116d5bb5cf46c509e07d8a9d0f99a

Fixed

ebfd7d71eb8e74bc1057a361ea79a5906db510d4

Affected versions

aiodns-0.*

aiodns-0.1.0

aiodns-0.2.0

aiodns-0.3.0

aiodns-0.3.1

aiodns-0.3.2

aiodns-1.*

aiodns-1.0.0

aiodns-1.0.1

aiodns-1.1.1

aiodns-1.2.0

aiodns-2.*

aiodns-2.0.0

aiodns-2.0.0b0

aiodns-2.0.0b1

aiodns-2.0.0b2

aiodns-3.*

aiodns-3.0.0

pycares-0.*

pycares-0.6.0

pycares-0.6.1

pycares-0.6.2

pycares-0.6.3

pycares-0.7.0

pycares-1.*

pycares-1.0.0

pycares-2.*

pycares-2.0.0

pycares-2.0.1

pycares-2.1.0

pycares-2.1.1

pycares-2.2.0

pycares-2.3.0

pycares-2.4.0

pycares-3.*

pycares-3.0.0

pycares-3.0.0b0

pycares-3.0.0b1

pycares-3.0.0b2

pycares-3.0.0b3

pycares-3.0.0b4

pycares-3.0.0b5

pycares-3.1.0

pycares-3.1.0-fix1

pycares-3.1.0-fix2

pycares-3.1.0-fix3

pycares-3.1.1

pycares-3.2.0

pycares-3.2.1

pycares-3.2.2

pycares-3.2.3

pycares-4.*

pycares-4.0.0

pycares-4.1.0

pycares-4.1.1

pycares-4.1.2

pycares-4.2.0

pycares-4.2.1

pycares-4.2.2

pycares-4.3.0

release-0.*

release-0.1.0

release-0.2.0

release-0.3.0

release-0.4.0

release-0.5.0

v3.*

v3.1.0

v3.1.1

v3.2.0

v3.3.0

v3.4.0

v4.*

v4.4.0

v4.5.0

v4.6.0

v4.6.1

v4.7.0

v4.8.0