Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Dec 9, 2025
c-ares has a Use After Free vulnerability when connection is cleaned up after error
CVE-2025-62408
Description
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versionspkg:rpm/opensuse/c-ares&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/istioctl&distro=openSUSE%20Tumbleweed
< 1.34.6-1.1+ 1 more
- (no CPE)range: < 1.34.6-1.1
- (no CPE)range: < 1.28.2-1.1
Patches
Vulnerability mechanics
References
2- github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618mitrex_refsource_MISC
- github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.