VulnerableCode Package Details - pkg:conan/c-ares@1.16.0

Search for packages

Package details: pkg:conan/c-ares@1.16.0

Essentials
History (2)

purl	pkg:conan/c-ares@1.16.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-csun-gvnt-aaak Aliases: CVE-2020-14354	A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.	1.17.1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-17T22:47:58.042540+00:00	GitLab Importer	Affected by	VCID-csun-gvnt-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2020-14354.yml	34.0.1
2024-01-03T18:09:02.582358+00:00	GitLab Importer	Affected by	VCID-csun-gvnt-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/c-ares/CVE-2020-14354.yml	34.0.0rc1