VYPR

crates.io package

netavark

pkg:cargo/netavark

Vulnerabilities (2)

  • CVE-2026-35406MedApr 7, 2026
    affected >= 1.16.0, < 1.17.1fixed 1.17.1

    Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

  • CVE-2025-8283LowJul 28, 2025
    affected < 1.15.1fixed 1.15.1

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, thi