ALPINE-CVE-2025-31498

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2025-31498
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-31498.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2025-31498
Upstream
Published
2025-04-08T14:15:35Z
Modified
2025-10-22T16:32:28.234200Z
Severity
  • 8.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers() when processanswer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.

References

Affected packages

Alpine:v3.21 / c-ares

Package

Name
c-ares
Purl
pkg:apk/alpine/c-ares?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.34.5-r0

Affected versions

1.*

1.6.0-r0
1.6.0-r1
1.7.0-r0
1.7.0-r1
1.7.3-r0
1.7.4-r0
1.7.4-r1
1.7.4-r2
1.7.5-r0
1.8.0-r0
1.9.0-r0
1.9.1-r0
1.10.0-r0
1.10.0-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.14.0-r0
1.15.0-r0
1.15.0-r1
1.16.0-r0
1.16.1-r0
1.17.1-r0
1.17.1-r1
1.17.2-r0
1.18.1-r0
1.18.1-r1
1.19.0-r0
1.19.0-r1
1.19.0-r2
1.19.0-r3
1.19.0-r4
1.19.1-r0
1.19.1-r1
1.20.1-r0
1.21.0-r0
1.22.0-r0
1.22.1-r0
1.23.0-r0
1.24.0-r0
1.25.0-r0
1.25.0-r1
1.26.0-r0
1.27.0-r0
1.28.1-r0
1.29.0-r0
1.31.0-r0
1.32.0-r0
1.32.1-r0
1.32.2-r0
1.32.3-r0
1.33.0-r0
1.33.1-r0
1.34.1-r0
1.34.2-r0
1.34.2-r1
1.34.2-r2
1.34.3-r0
1.34.4-r0

Alpine:v3.22 / c-ares

Package

Name
c-ares
Purl
pkg:apk/alpine/c-ares?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.34.5-r0

Affected versions

1.*

1.6.0-r0
1.6.0-r1
1.7.0-r0
1.7.0-r1
1.7.3-r0
1.7.4-r0
1.7.4-r1
1.7.4-r2
1.7.5-r0
1.8.0-r0
1.9.0-r0
1.9.1-r0
1.10.0-r0
1.10.0-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.14.0-r0
1.15.0-r0
1.15.0-r1
1.16.0-r0
1.16.1-r0
1.17.1-r0
1.17.1-r1
1.17.2-r0
1.18.1-r0
1.18.1-r1
1.19.0-r0
1.19.0-r1
1.19.0-r2
1.19.0-r3
1.19.0-r4
1.19.1-r0
1.19.1-r1
1.20.1-r0
1.21.0-r0
1.22.0-r0
1.22.1-r0
1.23.0-r0
1.24.0-r0
1.25.0-r0
1.25.0-r1
1.26.0-r0
1.27.0-r0
1.28.1-r0
1.29.0-r0
1.31.0-r0
1.32.0-r0
1.32.1-r0
1.32.2-r0
1.32.3-r0
1.33.0-r0
1.33.1-r0
1.34.1-r0
1.34.2-r0
1.34.2-r1
1.34.2-r2
1.34.3-r0
1.34.4-r0