CVE-2025-62408

EUVD-2025-201830
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5  terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
c-aresc-ares
1.32.3 ≤
𝑥
< 1.34.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
c-ares
bookworm
1.18.1-3
fixed
bullseye
1.17.1-1+deb11u3
fixed
bullseye (security)
1.17.1-1+deb11u3
fixed
forky
1.34.6-1
fixed
sid
1.34.6-1
fixed
trixie
1.34.5-1+deb13u1
fixed
trixie (security)
1.34.5-1+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
c-ares
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
Fixed 1.34.4-2.1ubuntu0.2
released
questing
Fixed 1.34.5-1ubuntu0.1
released
xenial
not-affected
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
nodejs20
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-debuginfo
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-debugsource
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-devel
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-docs
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-full-i18n
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-libs
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-libs-debuginfo
Amazon Linux 2023
1:20.19.5-1.amzn2023.0.2
fixed
nodejs20-npm
Amazon Linux 2023
1:10.8.2-1.20.19.5.1.amzn2023.0.2
fixed
nodejs22
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-debuginfo
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-debugsource
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-devel
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-docs
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-full-i18n
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-libs
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-libs-debuginfo
Amazon Linux 2023
1:22.21.1-1.amzn2023.0.2
fixed
nodejs22-npm
Amazon Linux 2023
1:10.9.4-1.22.21.1.1.amzn2023.0.2
fixed
nodejs24
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-debuginfo
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-debugsource
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-devel
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-docs
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-full-i18n
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-libs
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-libs-debuginfo
Amazon Linux 2023
1:24.11.1-1.amzn2023.0.2
fixed
nodejs24-npm
Amazon Linux 2023
1:11.6.2-1.24.11.1.1.amzn2023.0.2
fixed
v8-11.3-devel
Amazon Linux 2023
3:11.3.244.8-1.20.19.5.1.amzn2023.0.2
fixed
v8-12.4-devel
Amazon Linux 2023
3:12.4.254.21-1.22.21.1.1.amzn2023.0.2
fixed
v8-13.6-devel
Amazon Linux 2023
3:13.6.233.10-1.24.11.1.1.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
fluent-bit
Azure Linux 3.0
0:3.1.10-4.azl3
fixed