Name of the Vulnerable Software and Affected Versions:

c-ares lib version 1.16.0

Description:

The issue is related to a possible use-after-free and double-free in the c-ares library. This occurs when `ares destroy()` is called before `ares getaddrinfo()` completes. The flaw could allow an attacker to crash the service that uses the c-ares library, with the highest threat being to the service's availability.

Recommendations:

For c-ares lib version 1.16.0, ensure that `ares getaddrinfo()` completes before calling `ares destroy()` to prevent potential crashes. As a temporary workaround, consider avoiding the use of `ares destroy()` until `ares getaddrinfo()` has finished, or implement a delay between these function calls to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.