CVE-2024-25629

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25629
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25629.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-25629
Downstream
Related
Published
2024-02-23T15:15:09Z
Modified
2025-10-10T04:49:59.695236Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

References

Affected packages

Git / github.com/c-ares/c-ares

Affected ranges

Type
GIT
Repo
https://github.com/c-ares/c-ares
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a804c04ddc8245fc8adf0e92368709639125e183

Affected versions

Other

c-ares-1_17_0
c-ares-1_2_0
cares-1_10_0
cares-1_11_0
cares-1_11_0-rc1
cares-1_12_0
cares-1_13_0
cares-1_14_0
cares-1_15_0
cares-1_16_0
cares-1_16_1
cares-1_17_1
cares-1_17_2
cares-1_18_0
cares-1_18_1
cares-1_19_0
cares-1_19_1
cares-1_1_0
cares-1_20_0
cares-1_20_1
cares-1_21_0
cares-1_22_0
cares-1_22_1
cares-1_23_0
cares-1_24_0
cares-1_25_0
cares-1_26_0
cares-1_2_1
cares-1_3_1
cares-1_3_2
cares-1_4_0
cares-1_5_0
cares-1_5_1
cares-1_5_2
cares-1_5_3
cares-1_6_0
cares-1_7_0
cares-1_7_1
cares-1_7_2
cares-1_7_3
cares-1_7_4
cares-1_7_5
cares-1_8_0
cares-1_9_0
cares-1_9_1
curl-7_10_8
curl-7_11_0
curl-7_11_1
curl-7_12_0
curl-7_12_1
curl-7_12_2
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-25629-1f2cd1f1",
            "digest": {
                "length": 761.0,
                "function_hash": "57112257550967704162705773570935872858"
            },
            "target": {
                "function": "ares__read_line",
                "file": "src/lib/ares__read_line.c"
            },
            "signature_version": "v1",
            "source": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2024-25629-5aa2ab7e",
            "digest": {
                "line_hashes": [
                    "182071347134682389267543468916879866151",
                    "172976239659837282304687908239947502217",
                    "265973271304584275805104067973476691766",
                    "308893332016198751064638464970499917241"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/lib/ares__read_line.c"
            },
            "signature_version": "v1",
            "source": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183",
            "deprecated": false,
            "signature_type": "Line"
        }
    ]
}