Use-After-Free and Double-Free Vulnerability in c-ares Library by Haxx
CVE-2020-14354

3.3LOW

Key Information:

Vendor

C-ares

Status
C-ares
Vendor
CVE Published:
13 May 2021

What is CVE-2020-14354?

A potential use-after-free and double-free vulnerability exists in the c-ares library version 1.16.0. This issue can occur if the ares_destroy() function is executed prior to the ares_getaddrinfo() function completing. An attacker can exploit this flaw, leading to instability and possible crashes in any service utilizing the c-ares library, thereby impacting service availability. It is crucial for system administrators and developers using this library to review their implementations and apply necessary updates to mitigate the risk of service disruption.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

c-ares c-ares 1.16.1

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=1866838
x_refsource_MISC
https://packetstormsecurity.com/files/158755/GS2020080414...
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.