CVE-2025-62408

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-62408
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62408.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62408
Aliases
  • GHSA-jq53-42q6-pqr5
Downstream
Published
2025-12-08T22:04:08.565Z
Modified
2026-01-13T19:56:15.593595Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
c-ares has a Use After Free vulnerability when connection is cleaned up after error
Details

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer() and processanswer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

Database specific 
{
    "cwe_ids": [
        "CWE-416"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62408.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/c-ares/c-ares

Affected ranges

Type
GIT
Repo
https://github.com/c-ares/c-ares
Events
Introduced
5899dea2b1f8e78f311aaed7db98b82b5537c9f9
Fixed
3ac47ee46edd8ea40370222f91613fc16c434853

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62408.json"