Name of the Vulnerable Software and Affected Versions c-ares (affected versions not specified)

Description The issue involves several potential problems, including a read-heap-buffer-overflow in ares parse soa reply discovered through fuzzing, a theoretical buffer overflow in the RC4 loop comparison, and invalid memory access due to an empty hquery->name. Additionally, ares parse {a,aaaa} reply() functions could return a larger *naddrttls than initially passed in.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.