Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Dec 9, 2025

c-ares has a Use After Free vulnerability when connection is cleaned up after error

CVE-2025-62408

Description

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

Affected products

C Ares/C Aresllm-fuzzy
Range: >=1.32.3, <=1.34.5
c-ares/c-aresv5
Range: > 1.32.3, < 1.34.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618mitrex_refsource_MISC
github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000