A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via ares_getaddrinfo() over TCP by sending crafted DNS responses that force an EDNS-downgrade retry followed by a connection reset, causing the internal completion handler to access freed memory. This leads to memory corruption and a crash (denial of service), with potential for further impact depending on the allocator and build configuration.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
C-ares
C-ares c-ares |
|
| Vendors & Products |
C-ares
C-ares c-ares |
Thu, 09 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via ares_getaddrinfo() over TCP by sending crafted DNS responses that force an EDNS-downgrade retry followed by a connection reset, causing the internal completion handler to access freed memory. This leads to memory corruption and a crash (denial of service), with potential for further impact depending on the allocator and build configuration. | |
| Title | c-ares: c-ares: Use-after-free / double-free in query-completion handling | |
| Weaknesses | CWE-416 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T13:30:05Z