PT-2025-49603 · C-Ares+4

Published: 2025-12-08 · Updated: 2026-05-12 · CVE-2025-62408

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

c-ares versions 1.32.3 through 1.34.5

Description

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 improperly handle query termination after the maximum number of attempts when using the read_answer() and process_answer() functions. The result is a use-after-free condition that can cause a crash, leading to a denial of service.

Recommendations

Update to version 1.34.6 or later.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

AZL-71854
BDU:2026-07336
CVE-2025-62408
DSA-6084-1
GHSA-JQ53-42Q6-PQR5
OPENSUSE-SU-2026:10007-1
OPENSUSE-SU-2026:10029-1
OPENSUSE-SU-2026:20698-1
RHSA-2026:7414
SUSE-SU-2026:21574-1
SUSE-SU-2026:21584-1
USN-7925-1

Affected Products

Alt Linux
Debian
Red Os
Ubuntu
C-Ares