Search for packages
| purl | pkg:deb/debian/c-ares@1.18.1-3 |
| Next non-vulnerable version | 1.34.5-1+deb13u1 |
| Latest non-vulnerable version | 1.34.5-1+deb13u1 |
| Risk | 2.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3hy7-94d4-kyev
Aliases: CVE-2024-25629 |
c-ares: Out of bounds read in ares__read_line() |
Affected by 0 other vulnerabilities. |
|
VCID-3nsu-sz9r-pkbf
Aliases: CVE-2023-31124 GHSA-54xr-f67r-4pc4 |
Use of Insufficiently Random Values c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. |
Affected by 0 other vulnerabilities. |
|
VCID-h5yg-sx9b-ska5
Aliases: CVE-2023-31147 GHSA-8r8p-23f3-64c2 |
Use of Insufficiently Random Values c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T13:28:38.547805+00:00 | Debian Importer | Affected by | VCID-h5yg-sx9b-ska5 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T13:12:13.570124+00:00 | Debian Importer | Affected by | VCID-3hy7-94d4-kyev | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:05:35.993965+00:00 | Debian Importer | Affected by | VCID-3nsu-sz9r-pkbf | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T09:17:59.049284+00:00 | Debian Importer | Affected by | VCID-h5yg-sx9b-ska5 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T09:05:13.133282+00:00 | Debian Importer | Affected by | VCID-3hy7-94d4-kyev | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T06:46:31.176866+00:00 | Debian Importer | Affected by | VCID-3nsu-sz9r-pkbf | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-02T17:18:40.776416+00:00 | Debian Importer | Affected by | VCID-h5yg-sx9b-ska5 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:17:46.458775+00:00 | Debian Importer | Affected by | VCID-3hy7-94d4-kyev | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:07:01.163143+00:00 | Debian Importer | Affected by | VCID-3nsu-sz9r-pkbf | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |