Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
Typedeb
Namespacedebian
Namec-ares
Version1.17.1-1+deb11u3
Qualifiers
distro trixie
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.17.1-1.1
Latest_non_vulnerable_version1.34.6-1
Affected_by_vulnerabilities
0
url VCID-3hy7-94d4-kyev
vulnerability_id VCID-3hy7-94d4-kyev
summary c-ares: Out of bounds read in ares__read_line()
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25629
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17283
published_at 2026-04-13T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.174
published_at 2026-04-02T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17447
published_at 2026-04-04T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17229
published_at 2026-04-07T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17321
published_at 2026-04-08T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.1738
published_at 2026-04-09T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17392
published_at 2026-04-11T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17342
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25629
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265713
reference_id 2265713
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2265713
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
reference_id 2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
6
reference_url https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
reference_id a804c04ddc8245fc8adf0e92368709639125e183
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/
url https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
reference_id CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
8
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
reference_id GHSA-mg26-v6qh-x48q
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
reference_id GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
10
reference_url https://access.redhat.com/errata/RHSA-2024:2778
reference_id RHSA-2024:2778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2778
11
reference_url https://access.redhat.com/errata/RHSA-2024:2779
reference_id RHSA-2024:2779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2779
12
reference_url https://access.redhat.com/errata/RHSA-2024:2780
reference_id RHSA-2024:2780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2780
13
reference_url https://access.redhat.com/errata/RHSA-2024:2853
reference_id RHSA-2024:2853
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2853
14
reference_url https://access.redhat.com/errata/RHSA-2024:2910
reference_id RHSA-2024:2910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2910
15
reference_url https://access.redhat.com/errata/RHSA-2024:3842
reference_id RHSA-2024:3842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3842
16
reference_url https://access.redhat.com/errata/RHSA-2024:4249
reference_id RHSA-2024:4249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4249
17
reference_url https://access.redhat.com/errata/RHSA-2024:4559
reference_id RHSA-2024:4559
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4559
18
reference_url https://access.redhat.com/errata/RHSA-2024:4721
reference_id RHSA-2024:4721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4721
19
reference_url https://usn.ubuntu.com/6676-1/
reference_id USN-6676-1
reference_type
scores
url https://usn.ubuntu.com/6676-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.27.0-1?distro=trixie
purl pkg:deb/debian/c-ares@1.27.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.27.0-1%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2024-25629
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hy7-94d4-kyev
1
url VCID-3nsu-sz9r-pkbf
vulnerability_id VCID-3nsu-sz9r-pkbf
summary 
Use of Insufficiently Random Values
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31124.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31124.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31124
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22622
published_at 2026-04-02T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22511
published_at 2026-04-13T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22664
published_at 2026-04-04T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22454
published_at 2026-04-07T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.22536
published_at 2026-04-08T12:55:00Z
5
value 0.00075
scoring_system epss
scoring_elements 0.2259
published_at 2026-04-09T12:55:00Z
6
value 0.00075
scoring_system epss
scoring_elements 0.22605
published_at 2026-04-11T12:55:00Z
7
value 0.00075
scoring_system epss
scoring_elements 0.22565
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31124
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/
url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209494
reference_id 2209494
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2209494
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31124
reference_id CVE-2023-31124
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31124
9
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
reference_id GHSA-54xr-f67r-4pc4
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
10
reference_url https://security.gentoo.org/glsa/202310-09
reference_id GLSA-202310-09
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/
url https://security.gentoo.org/glsa/202310-09
11
reference_url https://access.redhat.com/errata/RHSA-2023:3577
reference_id RHSA-2023:3577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3577
12
reference_url https://access.redhat.com/errata/RHSA-2023:3586
reference_id RHSA-2023:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3586
13
reference_url https://access.redhat.com/errata/RHSA-2023:4033
reference_id RHSA-2023:4033
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4033
14
reference_url https://access.redhat.com/errata/RHSA-2023:4034
reference_id RHSA-2023:4034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4034
15
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
16
reference_url https://access.redhat.com/errata/RHSA-2023:4036
reference_id RHSA-2023:4036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4036
17
reference_url https://access.redhat.com/errata/RHSA-2023:4039
reference_id RHSA-2023:4039
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4039
18
reference_url https://access.redhat.com/errata/RHSA-2023:6635
reference_id RHSA-2023:6635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6635
fixed_packages
0
url pkg:deb/debian/c-ares@1.19.1-2?distro=trixie
purl pkg:deb/debian/c-ares@1.19.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.19.1-2%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2023-31124, GHSA-54xr-f67r-4pc4
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsu-sz9r-pkbf
2
url VCID-h5yg-sx9b-ska5
vulnerability_id VCID-h5yg-sx9b-ska5
summary 
Use of Insufficiently Random Values
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31147.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31147.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31147
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.26124
published_at 2026-04-02T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.25958
published_at 2026-04-13T12:55:00Z
2
value 0.00093
scoring_system epss
scoring_elements 0.26165
published_at 2026-04-04T12:55:00Z
3
value 0.00093
scoring_system epss
scoring_elements 0.25934
published_at 2026-04-07T12:55:00Z
4
value 0.00093
scoring_system epss
scoring_elements 0.26002
published_at 2026-04-08T12:55:00Z
5
value 0.00093
scoring_system epss
scoring_elements 0.26053
published_at 2026-04-09T12:55:00Z
6
value 0.00093
scoring_system epss
scoring_elements 0.26063
published_at 2026-04-11T12:55:00Z
7
value 0.00093
scoring_system epss
scoring_elements 0.26017
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31147
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/
url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209501
reference_id 2209501
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2209501
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31147
reference_id CVE-2023-31147
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31147
9
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
reference_id GHSA-8r8p-23f3-64c2
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
10
reference_url https://security.gentoo.org/glsa/202310-09
reference_id GLSA-202310-09
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/
url https://security.gentoo.org/glsa/202310-09
11
reference_url https://access.redhat.com/errata/RHSA-2023:3577
reference_id RHSA-2023:3577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3577
12
reference_url https://access.redhat.com/errata/RHSA-2023:3586
reference_id RHSA-2023:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3586
13
reference_url https://access.redhat.com/errata/RHSA-2023:4033
reference_id RHSA-2023:4033
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4033
14
reference_url https://access.redhat.com/errata/RHSA-2023:4034
reference_id RHSA-2023:4034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4034
15
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
16
reference_url https://access.redhat.com/errata/RHSA-2023:4036
reference_id RHSA-2023:4036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4036
17
reference_url https://access.redhat.com/errata/RHSA-2023:4039
reference_id RHSA-2023:4039
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4039
18
reference_url https://access.redhat.com/errata/RHSA-2023:6635
reference_id RHSA-2023:6635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6635
fixed_packages
0
url pkg:deb/debian/c-ares@1.19.1-2?distro=trixie
purl pkg:deb/debian/c-ares@1.19.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.19.1-2%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2023-31147, GHSA-8r8p-23f3-64c2
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5yg-sx9b-ska5
Fixing_vulnerabilities
0
url VCID-1xdz-dku3-qqc4
vulnerability_id VCID-1xdz-dku3-qqc4
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3672
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17144
published_at 2026-04-01T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17157
published_at 2026-04-13T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.1731
published_at 2026-04-02T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17358
published_at 2026-04-04T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17138
published_at 2026-04-07T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17229
published_at 2026-04-08T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17287
published_at 2026-04-09T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17265
published_at 2026-04-11T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.17216
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3672
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1988342
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1988342
3
reference_url https://c-ares.haxx.se/adv_20210810.html
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/
url https://c-ares.haxx.se/adv_20210810.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053
reference_id 992053
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053
7
reference_url https://security.archlinux.org/ASA-202108-13
reference_id ASA-202108-13
reference_type
scores
url https://security.archlinux.org/ASA-202108-13
8
reference_url https://security.archlinux.org/AVG-2268
reference_id AVG-2268
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2268
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3672
reference_id CVE-2021-3672
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3672
10
reference_url https://security.gentoo.org/glsa/202401-02
reference_id GLSA-202401-02
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/
url https://security.gentoo.org/glsa/202401-02
11
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
12
reference_url https://access.redhat.com/errata/RHSA-2021:3280
reference_id RHSA-2021:3280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3280
13
reference_url https://access.redhat.com/errata/RHSA-2021:3281
reference_id RHSA-2021:3281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3281
14
reference_url https://access.redhat.com/errata/RHSA-2021:3623
reference_id RHSA-2021:3623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3623
15
reference_url https://access.redhat.com/errata/RHSA-2021:3638
reference_id RHSA-2021:3638
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3638
16
reference_url https://access.redhat.com/errata/RHSA-2021:3639
reference_id RHSA-2021:3639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3639
17
reference_url https://access.redhat.com/errata/RHSA-2021:3666
reference_id RHSA-2021:3666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3666
18
reference_url https://access.redhat.com/errata/RHSA-2022:2043
reference_id RHSA-2022:2043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2043
19
reference_url https://usn.ubuntu.com/5034-1/
reference_id USN-5034-1
reference_type
scores
url https://usn.ubuntu.com/5034-1/
20
reference_url https://usn.ubuntu.com/5034-2/
reference_id USN-5034-2
reference_type
scores
url https://usn.ubuntu.com/5034-2/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.17.1-1.1?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1.1%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2021-3672
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4
1
url VCID-33wk-w9ez-vyd2
vulnerability_id VCID-33wk-w9ez-vyd2
summary 
A heap-based buffer overflow in c-ares might allow remote attackers
    to cause a Denial of Service condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5180
reference_id
reference_type
scores
0
value 0.18165
scoring_system epss
scoring_elements 0.95153
published_at 2026-04-01T12:55:00Z
1
value 0.18165
scoring_system epss
scoring_elements 0.9519
published_at 2026-04-13T12:55:00Z
2
value 0.18165
scoring_system epss
scoring_elements 0.95186
published_at 2026-04-11T12:55:00Z
3
value 0.18165
scoring_system epss
scoring_elements 0.95187
published_at 2026-04-12T12:55:00Z
4
value 0.18165
scoring_system epss
scoring_elements 0.95164
published_at 2026-04-02T12:55:00Z
5
value 0.18165
scoring_system epss
scoring_elements 0.95166
published_at 2026-04-04T12:55:00Z
6
value 0.18165
scoring_system epss
scoring_elements 0.95169
published_at 2026-04-07T12:55:00Z
7
value 0.18165
scoring_system epss
scoring_elements 0.95176
published_at 2026-04-08T12:55:00Z
8
value 0.18165
scoring_system epss
scoring_elements 0.9518
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5180
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1380463
reference_id 1380463
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1380463
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151
reference_id 839151
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151
6
reference_url https://security.archlinux.org/ASA-201609-31
reference_id ASA-201609-31
reference_type
scores
url https://security.archlinux.org/ASA-201609-31
7
reference_url https://security.archlinux.org/AVG-37
reference_id AVG-37
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-37
8
reference_url https://security.gentoo.org/glsa/201701-28
reference_id GLSA-201701-28
reference_type
scores
url https://security.gentoo.org/glsa/201701-28
9
reference_url https://access.redhat.com/errata/RHSA-2017:0002
reference_id RHSA-2017:0002
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0002
10
reference_url https://usn.ubuntu.com/3143-1/
reference_id USN-3143-1
reference_type
scores
url https://usn.ubuntu.com/3143-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.12.0-1?distro=trixie
purl pkg:deb/debian/c-ares@1.12.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-1%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2016-5180
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2
2
url VCID-5vh6-usw6-2qhy
vulnerability_id VCID-5vh6-usw6-2qhy
summary 
Improper Input Validation
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4904
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37124
published_at 2026-04-02T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36999
published_at 2026-04-13T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37156
published_at 2026-04-04T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.36987
published_at 2026-04-07T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.37037
published_at 2026-04-08T12:55:00Z
5
value 0.00161
scoring_system epss
scoring_elements 0.3705
published_at 2026-04-09T12:55:00Z
6
value 0.00161
scoring_system epss
scoring_elements 0.37059
published_at 2026-04-11T12:55:00Z
7
value 0.00161
scoring_system epss
scoring_elements 0.37025
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4904
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2168631
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2168631
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/c-ares/c-ares/issues/496
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://github.com/c-ares/c-ares/issues/496
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525
reference_id 1031525
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
reference_id 33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4904
reference_id CVE-2022-4904
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-4904
10
reference_url https://security.gentoo.org/glsa/202401-02
reference_id GLSA-202401-02
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://security.gentoo.org/glsa/202401-02
11
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
14
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
15
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
16
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
17
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
18
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
19
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
20
reference_url https://access.redhat.com/errata/RHSA-2023:6291
reference_id RHSA-2023:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6291
21
reference_url https://access.redhat.com/errata/RHSA-2023:6635
reference_id RHSA-2023:6635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6635
22
reference_url https://access.redhat.com/errata/RHSA-2023:7116
reference_id RHSA-2023:7116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7116
23
reference_url https://access.redhat.com/errata/RHSA-2023:7368
reference_id RHSA-2023:7368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7368
24
reference_url https://access.redhat.com/errata/RHSA-2023:7543
reference_id RHSA-2023:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7543
25
reference_url https://usn.ubuntu.com/5907-1/
reference_id USN-5907-1
reference_type
scores
url https://usn.ubuntu.com/5907-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-2?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-2%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2022-4904
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vh6-usw6-2qhy
3
url VCID-dxnb-c4wc-vqdq
vulnerability_id VCID-dxnb-c4wc-vqdq
summary c-ares: c-ares: Denial of Service due to query termination after maximum attempts
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62408.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62408.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62408
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05069
published_at 2026-04-02T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05097
published_at 2026-04-04T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05119
published_at 2026-04-07T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05151
published_at 2026-04-08T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08303
published_at 2026-04-09T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08294
published_at 2026-04-11T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08274
published_at 2026-04-12T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08255
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62408
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2420217
reference_id 2420217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2420217
4
reference_url https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618
reference_id 714bf5675c541bd1e668a8db8e67ce012651e618
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T14:20:03Z/
url https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618
5
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5
reference_id GHSA-jq53-42q6-pqr5
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T14:20:03Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5
6
reference_url https://usn.ubuntu.com/7925-1/
reference_id USN-7925-1
reference_type
scores
url https://usn.ubuntu.com/7925-1/
fixed_packages
0
url pkg:deb/debian/c-ares@0?distro=trixie
purl pkg:deb/debian/c-ares@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@0%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2025-62408
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxnb-c4wc-vqdq
4
url VCID-gx39-xzj1-vfb7
vulnerability_id VCID-gx39-xzj1-vfb7
summary c-ares: ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14354
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40602
published_at 2026-04-01T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40687
published_at 2026-04-02T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40715
published_at 2026-04-04T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40637
published_at 2026-04-07T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40688
published_at 2026-04-08T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40697
published_at 2026-04-09T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40714
published_at 2026-04-11T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40679
published_at 2026-04-12T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.4066
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14354
2
reference_url https://c-ares.haxx.se/changelog.html
reference_id
reference_type
scores
url https://c-ares.haxx.se/changelog.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354
4
reference_url https://packetstormsecurity.com/files/158755/GS20200804145053.txt
reference_id
reference_type
scores
url https://packetstormsecurity.com/files/158755/GS20200804145053.txt
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1866838
reference_id 1866838
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1866838
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14354
reference_id CVE-2020-14354
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-14354
fixed_packages
0
url pkg:deb/debian/c-ares@1.16.1-1?distro=trixie
purl pkg:deb/debian/c-ares@1.16.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.16.1-1%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2020-14354
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gx39-xzj1-vfb7
5
url VCID-krvu-3d14-yudt
vulnerability_id VCID-krvu-3d14-yudt
summary c-ares: Heap buffer over read in ares_parse_soa_reply
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-22217
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30187
published_at 2026-04-01T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30217
published_at 2026-04-02T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30089
published_at 2026-04-13T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30179
published_at 2026-04-09T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30182
published_at 2026-04-11T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30139
published_at 2026-04-12T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30266
published_at 2026-04-04T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30084
published_at 2026-04-07T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30144
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-22217
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235527
reference_id 2235527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235527
5
reference_url https://github.com/c-ares/c-ares/issues/333
reference_id 333
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/
url https://github.com/c-ares/c-ares/issues/333
6
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html
reference_id msg00014.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html
7
reference_url https://access.redhat.com/errata/RHSA-2023:7207
reference_id RHSA-2023:7207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7207
8
reference_url https://access.redhat.com/errata/RHSA-2024:0419
reference_id RHSA-2024:0419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0419
9
reference_url https://access.redhat.com/errata/RHSA-2024:0578
reference_id RHSA-2024:0578
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0578
10
reference_url https://usn.ubuntu.com/6376-1/
reference_id USN-6376-1
reference_type
scores
url https://usn.ubuntu.com/6376-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2020-22217
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krvu-3d14-yudt
6
url VCID-kvkw-we2b-zbdn
vulnerability_id VCID-kvkw-we2b-zbdn
summary c-ares: c-ares has a use-after-free in read_answers()
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31498.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31498
reference_id
reference_type
scores
0
value 0.00618
scoring_system epss
scoring_elements 0.69914
published_at 2026-04-02T12:55:00Z
1
value 0.00618
scoring_system epss
scoring_elements 0.69966
published_at 2026-04-13T12:55:00Z
2
value 0.00618
scoring_system epss
scoring_elements 0.69929
published_at 2026-04-04T12:55:00Z
3
value 0.00618
scoring_system epss
scoring_elements 0.69907
published_at 2026-04-07T12:55:00Z
4
value 0.00618
scoring_system epss
scoring_elements 0.69954
published_at 2026-04-08T12:55:00Z
5
value 0.00618
scoring_system epss
scoring_elements 0.69971
published_at 2026-04-09T12:55:00Z
6
value 0.0067
scoring_system epss
scoring_elements 0.71349
published_at 2026-04-11T12:55:00Z
7
value 0.0067
scoring_system epss
scoring_elements 0.71334
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31498
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358271
reference_id 2358271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2358271
4
reference_url https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1
reference_id 29d38719112639d8c0ba910254a3dd4f482ea2d1
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:40:21Z/
url https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1
5
reference_url https://github.com/c-ares/c-ares/pull/821
reference_id 821
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:40:21Z/
url https://github.com/c-ares/c-ares/pull/821
6
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v
reference_id GHSA-6hxc-62jh-p29v
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:40:21Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v
7
reference_url https://access.redhat.com/errata/RHSA-2025:4459
reference_id RHSA-2025:4459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4459
8
reference_url https://access.redhat.com/errata/RHSA-2025:4461
reference_id RHSA-2025:4461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4461
9
reference_url https://access.redhat.com/errata/RHSA-2025:7426
reference_id RHSA-2025:7426
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7426
10
reference_url https://access.redhat.com/errata/RHSA-2025:7433
reference_id RHSA-2025:7433
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7433
11
reference_url https://access.redhat.com/errata/RHSA-2025:7502
reference_id RHSA-2025:7502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7502
12
reference_url https://access.redhat.com/errata/RHSA-2025:7537
reference_id RHSA-2025:7537
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7537
13
reference_url https://usn.ubuntu.com/7477-1/
reference_id USN-7477-1
reference_type
scores
url https://usn.ubuntu.com/7477-1/
fixed_packages
0
url pkg:deb/debian/c-ares@0?distro=trixie
purl pkg:deb/debian/c-ares@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@0%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.5-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2025-31498
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvkw-we2b-zbdn
7
url VCID-m4sn-7wuq-e3cd
vulnerability_id VCID-m4sn-7wuq-e3cd
summary A Denial of Service vulnerability was discovered in c-ares.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8277
reference_id
reference_type
scores
0
value 0.59168
scoring_system epss
scoring_elements 0.98219
published_at 2026-04-01T12:55:00Z
1
value 0.59168
scoring_system epss
scoring_elements 0.98233
published_at 2026-04-13T12:55:00Z
2
value 0.59168
scoring_system epss
scoring_elements 0.98226
published_at 2026-04-07T12:55:00Z
3
value 0.59168
scoring_system epss
scoring_elements 0.9823
published_at 2026-04-09T12:55:00Z
4
value 0.59168
scoring_system epss
scoring_elements 0.98222
published_at 2026-04-02T12:55:00Z
5
value 0.59168
scoring_system epss
scoring_elements 0.98225
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8277
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/
5
reference_url https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
reference_id
reference_type
scores
url https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1898554
reference_id 1898554
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1898554
7
reference_url https://security.archlinux.org/ASA-202011-18
reference_id ASA-202011-18
reference_type
scores
url https://security.archlinux.org/ASA-202011-18
8
reference_url https://security.archlinux.org/AVG-1280
reference_id AVG-1280
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1280
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8277
reference_id CVE-2020-8277
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-8277
10
reference_url https://security.gentoo.org/glsa/202012-11
reference_id GLSA-202012-11
reference_type
scores
url https://security.gentoo.org/glsa/202012-11
11
reference_url https://access.redhat.com/errata/RHSA-2020:5305
reference_id RHSA-2020:5305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5305
12
reference_url https://access.redhat.com/errata/RHSA-2020:5499
reference_id RHSA-2020:5499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5499
13
reference_url https://access.redhat.com/errata/RHSA-2021:0421
reference_id RHSA-2021:0421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0421
14
reference_url https://access.redhat.com/errata/RHSA-2021:0551
reference_id RHSA-2021:0551
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0551
15
reference_url https://usn.ubuntu.com/4638-1/
reference_id USN-4638-1
reference_type
scores
url https://usn.ubuntu.com/4638-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2020-8277
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd
8
url VCID-pavw-rssx-53cg
vulnerability_id VCID-pavw-rssx-53cg
summary 
Uncontrolled Resource Consumption
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32067
reference_id
reference_type
scores
0
value 0.00409
scoring_system epss
scoring_elements 0.61263
published_at 2026-04-02T12:55:00Z
1
value 0.00409
scoring_system epss
scoring_elements 0.61309
published_at 2026-04-13T12:55:00Z
2
value 0.00409
scoring_system epss
scoring_elements 0.61292
published_at 2026-04-04T12:55:00Z
3
value 0.00409
scoring_system epss
scoring_elements 0.6126
published_at 2026-04-07T12:55:00Z
4
value 0.00409
scoring_system epss
scoring_elements 0.61307
published_at 2026-04-08T12:55:00Z
5
value 0.00409
scoring_system epss
scoring_elements 0.61322
published_at 2026-04-09T12:55:00Z
6
value 0.00409
scoring_system epss
scoring_elements 0.61342
published_at 2026-04-11T12:55:00Z
7
value 0.00409
scoring_system epss
scoring_elements 0.61328
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32067
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209502
reference_id 2209502
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2209502
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32067
reference_id CVE-2023-32067
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32067
10
reference_url https://www.debian.org/security/2023/dsa-5419
reference_id dsa-5419
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://www.debian.org/security/2023/dsa-5419
11
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
reference_id GHSA-9g78-jv2r-p7vc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
12
reference_url https://security.gentoo.org/glsa/202310-09
reference_id GLSA-202310-09
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://security.gentoo.org/glsa/202310-09
13
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
14
reference_url https://security.netapp.com/advisory/ntap-20240605-0004/
reference_id ntap-20240605-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://security.netapp.com/advisory/ntap-20240605-0004/
15
reference_url https://access.redhat.com/errata/RHSA-2023:3559
reference_id RHSA-2023:3559
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3559
16
reference_url https://access.redhat.com/errata/RHSA-2023:3577
reference_id RHSA-2023:3577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3577
17
reference_url https://access.redhat.com/errata/RHSA-2023:3583
reference_id RHSA-2023:3583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3583
18
reference_url https://access.redhat.com/errata/RHSA-2023:3584
reference_id RHSA-2023:3584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3584
19
reference_url https://access.redhat.com/errata/RHSA-2023:3586
reference_id RHSA-2023:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3586
20
reference_url https://access.redhat.com/errata/RHSA-2023:3660
reference_id RHSA-2023:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3660
21
reference_url https://access.redhat.com/errata/RHSA-2023:3662
reference_id RHSA-2023:3662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3662
22
reference_url https://access.redhat.com/errata/RHSA-2023:3665
reference_id RHSA-2023:3665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3665
23
reference_url https://access.redhat.com/errata/RHSA-2023:3677
reference_id RHSA-2023:3677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3677
24
reference_url https://access.redhat.com/errata/RHSA-2023:3741
reference_id RHSA-2023:3741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3741
25
reference_url https://access.redhat.com/errata/RHSA-2023:4033
reference_id RHSA-2023:4033
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4033
26
reference_url https://access.redhat.com/errata/RHSA-2023:4034
reference_id RHSA-2023:4034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4034
27
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
28
reference_url https://access.redhat.com/errata/RHSA-2023:4036
reference_id RHSA-2023:4036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4036
29
reference_url https://access.redhat.com/errata/RHSA-2023:4039
reference_id RHSA-2023:4039
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4039
30
reference_url https://usn.ubuntu.com/6164-1/
reference_id USN-6164-1
reference_type
scores
url https://usn.ubuntu.com/6164-1/
31
reference_url https://usn.ubuntu.com/6164-2/
reference_id USN-6164-2
reference_type
scores
url https://usn.ubuntu.com/6164-2/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2023-32067, GHSA-9g78-jv2r-p7vc
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pavw-rssx-53cg
9
url VCID-vezx-cgbw-zqdp
vulnerability_id VCID-vezx-cgbw-zqdp
summary 
Buffer Underwrite ('Buffer Underflow')
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31130
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01772
published_at 2026-04-02T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01782
published_at 2026-04-13T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01785
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01788
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01801
published_at 2026-04-09T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01794
published_at 2026-04-11T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01784
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31130
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
4
reference_url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209497
reference_id 2209497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2209497
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31130
reference_id CVE-2023-31130
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31130
9
reference_url https://www.debian.org/security/2023/dsa-5419
reference_id dsa-5419
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://www.debian.org/security/2023/dsa-5419
10
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
reference_id GHSA-x6mf-cxr9-8q6v
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
11
reference_url https://security.gentoo.org/glsa/202310-09
reference_id GLSA-202310-09
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://security.gentoo.org/glsa/202310-09
12
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
13
reference_url https://security.netapp.com/advisory/ntap-20240605-0005/
reference_id ntap-20240605-0005
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://security.netapp.com/advisory/ntap-20240605-0005/
14
reference_url https://access.redhat.com/errata/RHSA-2023:3577
reference_id RHSA-2023:3577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3577
15
reference_url https://access.redhat.com/errata/RHSA-2023:3586
reference_id RHSA-2023:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3586
16
reference_url https://access.redhat.com/errata/RHSA-2023:4033
reference_id RHSA-2023:4033
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4033
17
reference_url https://access.redhat.com/errata/RHSA-2023:4034
reference_id RHSA-2023:4034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4034
18
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
19
reference_url https://access.redhat.com/errata/RHSA-2023:4036
reference_id RHSA-2023:4036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4036
20
reference_url https://access.redhat.com/errata/RHSA-2023:4039
reference_id RHSA-2023:4039
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4039
21
reference_url https://access.redhat.com/errata/RHSA-2023:6635
reference_id RHSA-2023:6635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6635
22
reference_url https://access.redhat.com/errata/RHSA-2023:7207
reference_id RHSA-2023:7207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7207
23
reference_url https://access.redhat.com/errata/RHSA-2023:7392
reference_id RHSA-2023:7392
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7392
24
reference_url https://access.redhat.com/errata/RHSA-2023:7543
reference_id RHSA-2023:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7543
25
reference_url https://usn.ubuntu.com/6164-1/
reference_id USN-6164-1
reference_type
scores
url https://usn.ubuntu.com/6164-1/
26
reference_url https://usn.ubuntu.com/6164-2/
reference_id USN-6164-2
reference_type
scores
url https://usn.ubuntu.com/6164-2/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2023-31130, GHSA-x6mf-cxr9-8q6v
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vezx-cgbw-zqdp
10
url VCID-w3cx-2jcp-pyga
vulnerability_id VCID-w3cx-2jcp-pyga
summary c-ares: NAPTR parser out of bounds access
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000381
reference_id
reference_type
scores
0
value 0.00506
scoring_system epss
scoring_elements 0.66165
published_at 2026-04-01T12:55:00Z
1
value 0.00506
scoring_system epss
scoring_elements 0.66239
published_at 2026-04-13T12:55:00Z
2
value 0.00506
scoring_system epss
scoring_elements 0.66263
published_at 2026-04-09T12:55:00Z
3
value 0.00506
scoring_system epss
scoring_elements 0.66284
published_at 2026-04-11T12:55:00Z
4
value 0.00506
scoring_system epss
scoring_elements 0.66271
published_at 2026-04-12T12:55:00Z
5
value 0.00506
scoring_system epss
scoring_elements 0.66206
published_at 2026-04-02T12:55:00Z
6
value 0.00506
scoring_system epss
scoring_elements 0.66233
published_at 2026-04-04T12:55:00Z
7
value 0.00506
scoring_system epss
scoring_elements 0.66203
published_at 2026-04-07T12:55:00Z
8
value 0.00506
scoring_system epss
scoring_elements 0.6625
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000381
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1463132
reference_id 1463132
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1463132
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360
reference_id 865360
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360
6
reference_url https://security.archlinux.org/ASA-201707-21
reference_id ASA-201707-21
reference_type
scores
url https://security.archlinux.org/ASA-201707-21
7
reference_url https://security.archlinux.org/AVG-315
reference_id AVG-315
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-315
8
reference_url https://access.redhat.com/errata/RHSA-2017:2908
reference_id RHSA-2017:2908
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2908
9
reference_url https://usn.ubuntu.com/3395-1/
reference_id USN-3395-1
reference_type
scores
url https://usn.ubuntu.com/3395-1/
10
reference_url https://usn.ubuntu.com/USN-4796-1/
reference_id USN-USN-4796-1
reference_type
scores
url https://usn.ubuntu.com/USN-4796-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.12.0-4?distro=trixie
purl pkg:deb/debian/c-ares@1.12.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-4%3Fdistro=trixie
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
purl pkg:deb/debian/c-ares@1.18.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie
3
url pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
purl pkg:deb/debian/c-ares@1.34.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie
aliases CVE-2017-1000381
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga
Risk_score2.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie