Vulnerability details: VCID-urk1-zh41-7ya5
Vulnerability ID VCID-urk1-zh41-7ya5
Aliases CVE-2024-25629
Summary c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
System Score Found at
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2024-25629
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-25629
cvssv3.1 4.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.4 https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
ssvc Track https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
cvssv3.1 4.4 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
ssvc Track https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
cvssv3.1 4.4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
cvssv3.1 4.4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
cvssv3.1 4.4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2024-25629
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
https://api.first.org/data/v1/epss?cve=CVE-2024-25629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2265713 https://bugzilla.redhat.com/show_bug.cgi?id=2265713
2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
a804c04ddc8245fc8adf0e92368709639125e183 https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
cpe:2.3:a:c-ares:c-ares:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:c-ares:c-ares:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629
GHSA-mg26-v6qh-x48q https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
RHSA-2024:2778 https://access.redhat.com/errata/RHSA-2024:2778
RHSA-2024:2779 https://access.redhat.com/errata/RHSA-2024:2779
RHSA-2024:2780 https://access.redhat.com/errata/RHSA-2024:2780
RHSA-2024:2853 https://access.redhat.com/errata/RHSA-2024:2853
RHSA-2024:2910 https://access.redhat.com/errata/RHSA-2024:2910
RHSA-2024:3842 https://access.redhat.com/errata/RHSA-2024:3842
RHSA-2024:4249 https://access.redhat.com/errata/RHSA-2024:4249
RHSA-2024:4559 https://access.redhat.com/errata/RHSA-2024:4559
RHSA-2024:4721 https://access.redhat.com/errata/RHSA-2024:4721
USN-6676-1 https://usn.ubuntu.com/6676-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/ Found at https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/ Found at https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-25629
Exploit Prediction Scoring System (EPSS)
Percentile 0.0839
EPSS Score 0.00035
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:04.625251+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.17/main.json 37.0.0