Search for packages
Package details: pkg:deb/debian/c-ares@1.7.3-1squeeze1
purl pkg:deb/debian/c-ares@1.7.3-1squeeze1
Next non-vulnerable version 1.34.5-1
Latest non-vulnerable version 1.34.5-1
Risk 4.4
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-3euu-x4gm-aaah
Aliases:
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
1.17.1-1+deb11u3
Affected by 3 other vulnerabilities.
VCID-5uhr-uasq-aaak
Aliases:
CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
1.14.0-1+deb10u1
Affected by 10 other vulnerabilities.
1.17.1-1+deb11u3
Affected by 3 other vulnerabilities.
VCID-7d9v-uz7u-aaag
Aliases:
CVE-2023-32067
GHSA-9g78-jv2r-p7vc
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
1.17.1-1~bpo10+1
Affected by 0 other vulnerabilities.
1.17.1-1+deb11u3
Affected by 3 other vulnerabilities.
VCID-bukj-6xnc-aaar
Aliases:
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
1.17.1-1~bpo10+1
Affected by 0 other vulnerabilities.
1.17.1-1+deb11u3
Affected by 3 other vulnerabilities.
VCID-csun-gvnt-aaak
Aliases:
CVE-2020-14354
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
1.17.1-1+deb11u3
Affected by 3 other vulnerabilities.
VCID-dq5b-2fna-aaab
Aliases:
CVE-2023-31130
GHSA-x6mf-cxr9-8q6v
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
1.17.1-1~bpo10+1
Affected by 0 other vulnerabilities.
1.17.1-1+deb11u3
Affected by 3 other vulnerabilities.
VCID-jzs1-a8ft-aaab
Aliases:
CVE-2020-22217
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
1.17.1-1~bpo10+1
Affected by 0 other vulnerabilities.
1.17.1-1+deb11u3
Affected by 3 other vulnerabilities.
VCID-kh8m-p7pa-aaap
Aliases:
CVE-2016-5180
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
1.10.0-2+deb8u2
Affected by 9 other vulnerabilities.
1.12.0-1+deb9u1
Affected by 8 other vulnerabilities.
VCID-xk13-p8qc-aaae
Aliases:
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
1.14.0-1+deb10u1
Affected by 10 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:59:40.925262+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:53:52.978930+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:50:49.217432+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:44:27.800588+00:00 Debian Oval Importer Affected by VCID-csun-gvnt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:05:07.112717+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:44:35.196693+00:00 Debian Oval Importer Affected by VCID-jzs1-a8ft-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:26:46.729018+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:41:58.081422+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:13:45.826489+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:52:06.197507+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:40:44.775620+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T09:51:06.649671+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T08:54:44.243420+00:00 Debian Oval Importer Affected by VCID-jzs1-a8ft-aaab None 36.1.3
2025-06-21T08:24:22.464360+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab None 36.1.3
2025-06-21T08:24:19.489362+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag None 36.1.3
2025-06-21T07:36:53.324737+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar None 36.1.3
2025-06-21T05:05:17.915200+00:00 Debian Oval Importer Affected by VCID-csun-gvnt-aaak None 36.1.3
2025-06-21T02:47:04.438114+00:00 Debian Oval Importer Affected by VCID-3euu-x4gm-aaah None 36.1.3
2025-06-21T00:16:41.158525+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak None 36.1.3
2025-06-21T00:13:07.709968+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae None 36.1.3
2025-06-20T19:49:08.720158+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap None 36.1.3
2025-06-08T12:21:34.237044+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:14:46.480594+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:29:01.316499+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:23:38.893278+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:20:39.621684+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:14:27.908023+00:00 Debian Oval Importer Affected by VCID-csun-gvnt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:36:45.166989+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:29:50.003452+00:00 Debian Oval Importer Affected by VCID-jzs1-a8ft-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:12:41.545771+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:36:12.455317+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:08:25.976789+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:47:09.891858+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:37:00.643429+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T03:39:46.927072+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T02:41:11.122175+00:00 Debian Oval Importer Affected by VCID-jzs1-a8ft-aaab None 36.1.0
2025-06-08T02:05:41.595120+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab None 36.1.0
2025-06-08T02:05:38.957569+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag None 36.1.0
2025-06-08T01:16:47.635457+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar None 36.1.0
2025-06-07T22:42:44.427299+00:00 Debian Oval Importer Affected by VCID-csun-gvnt-aaak None 36.1.0
2025-06-07T20:13:03.182730+00:00 Debian Oval Importer Affected by VCID-3euu-x4gm-aaah None 36.1.0
2025-06-07T17:39:35.427485+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak None 36.1.0
2025-06-07T17:35:57.182080+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae None 36.1.0
2025-06-07T13:41:17.328343+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap None 36.1.0
2025-04-12T21:30:46.750215+00:00 Debian Oval Importer Affected by VCID-3euu-x4gm-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:52:51.297340+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:28:42.394256+00:00 Debian Oval Importer Affected by VCID-jzs1-a8ft-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:07:33.951121+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:00:30.233180+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:13:16.324371+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:07:43.437601+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:04:38.903491+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:58:09.540795+00:00 Debian Oval Importer Affected by VCID-csun-gvnt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:18:15.770591+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:02:15.746218+00:00 Debian Oval Importer Affected by VCID-jzs1-a8ft-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:44:37.156940+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:08:31.976343+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:40:28.558003+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:18:55.182416+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:08:33.804483+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T02:07:35.501096+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:08:30.064535+00:00 Debian Oval Importer Affected by VCID-jzs1-a8ft-aaab None 36.0.0
2025-04-08T00:37:36.119694+00:00 Debian Oval Importer Affected by VCID-dq5b-2fna-aaab None 36.0.0
2025-04-08T00:37:33.224316+00:00 Debian Oval Importer Affected by VCID-7d9v-uz7u-aaag None 36.0.0
2025-04-07T23:49:23.352445+00:00 Debian Oval Importer Affected by VCID-bukj-6xnc-aaar None 36.0.0
2025-04-07T21:14:33.221756+00:00 Debian Oval Importer Affected by VCID-csun-gvnt-aaak None 36.0.0
2025-04-07T18:49:31.595001+00:00 Debian Oval Importer Affected by VCID-3euu-x4gm-aaah None 36.0.0
2025-04-07T16:14:26.358000+00:00 Debian Oval Importer Affected by VCID-5uhr-uasq-aaak None 36.0.0
2025-04-07T16:10:39.653725+00:00 Debian Oval Importer Affected by VCID-xk13-p8qc-aaae None 36.0.0
2025-04-07T12:16:36.082094+00:00 Debian Oval Importer Affected by VCID-kh8m-p7pa-aaap None 36.0.0