{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T18:20:15.581","vulnerabilities":[{"cve":{"id":"CVE-2025-31498","sourceIdentifier":"security-advisories@github.com","published":"2025-04-08T14:15:35.293","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5."},{"lang":"es","value":"c-ares es una librería de resolución asíncrona. Desde la versión 1.32.3 hasta la 1.34.4, existe un método de use-after-free en read_answers() cuando process_answer() puede volver a poner en cola una consulta debido a un fallo de cookie DNS, a que el servidor ascendente no soporta correctamente EDNS o, posiblemente, en consultas TCP si el servidor remoto cerró la conexión inmediatamente después de una respuesta. Si hubiera un problema al intentar enviar esa nueva transacción, se cerraría el identificador de conexión, pero read_answers() seguía esperando que este estuviera disponible para, posiblemente, retirar otras respuestas de la cola. En teoría, un atacante remoto podría activar esto inundando el objetivo con paquetes ICMP UNREACHABLE si también controla el servidor de nombres ascendente y puede devolver un resultado con una de esas condiciones; esto no se ha probado. De lo contrario, solo un atacante local podría modificar el comportamiento del sistema para que send()/write() devuelva una condición de fallo. Esta vulnerabilidad se corrigió en la versión 1.34.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1","source":"security-advisories@github.com"},{"url":"https://github.com/c-ares/c-ares/pull/821","source":"security-advisories@github.com"},{"url":"https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v","source":"security-advisories@github.com"},{"url":"http://www.openwall.com/lists/oss-security/2025/04/08/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}