CVE-2020-14354

Source
https://cve.org/CVERecord?id=CVE-2020-14354
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14354.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14354
Downstream
Published
2021-05-13T14:15:17.503Z
Modified
2026-07-08T20:30:28.468466Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A possible use-after-free and double-free in c-ares lib version 1.16.0 if aresdestroy() is called prior to aresgetaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"
            ],
            "vendor_product": "fedoraproject:fedora",
            "extracted_events": [
                {
                    "introduced": "33"
                },
                {
                    "last_affected": "33"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/c-ares/c-ares

Affected ranges

Type
GIT
Repo
https://github.com/c-ares/c-ares
Events
Database specific
{
    "cpe": "cpe:2.3:a:c-ares:c-ares:1.16.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.16.0"
        },
        {
            "last_affected": "1.16.0"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.16.0
Other
cares-1_16_0

Database specific

vanir_signatures
[
    {
        "digest": {
            "function_hash": "41641729463172895225490036612231902270",
            "length": 625.0
        },
        "target": {
            "function": "host_callback",
            "file": "ares_getaddrinfo.c"
        },
        "id": "CVE-2020-14354-0943984d",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "188514934666865950876588083814903200380",
                "216654447602516332471211556636820849519",
                "280935007277571070082878613853237796717",
                "123115424187489169459219809240179726727"
            ]
        },
        "target": {
            "file": "ares_getaddrinfo.c"
        },
        "id": "CVE-2020-14354-61d1432b",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e",
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14354.json"
vanir_signatures_modified
"2026-07-08T20:30:28Z"