VYPR
Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Dec 9, 2025

c-ares has a Use After Free vulnerability when connection is cleaned up after error

CVE-2025-62408

Description

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.