vulnerability

Red Hat: CVE-2025-31498: c-ares: c-ares has a use-after-free in read_answers() (Multiple Advisories)

Name: Red Hat: CVE-2025-31498: c-ares: c-ares has a use-after-free in read_answers() (Multiple Advisories)
Creator: Red Hat
Published: 2025-04-08T00:00:00.000Z
Keywords: CVE, CWE-416, Red Hat, 2025, 31498, c, redhat-upgrade-nodejs, redhat-upgrade-nodejs-debuginfo, redhat-upgrade-nodejs-debugsource, redhat-upgrade-nodejs-devel, redhat-upgrade-nodejs-docs, redhat-upgrade-nodejs-full-i18n, redhat-upgrade-nodejs-libs, redhat-upgrade-nodejs-libs-debuginfo, redhat-upgrade-nodejs-nodemon, redhat-upgrade-nodejs-packaging, redhat-upgrade-nodejs-packaging-bundler, redhat-upgrade-npm, redhat-upgrade-v8-12-4-devel, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:C)

Published

Apr 8, 2025

Added

May 6, 2025

Modified

Jun 12, 2026

Description

A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.

Solutions

redhat-upgrade-nodejsredhat-upgrade-nodejs-debuginforedhat-upgrade-nodejs-debugsourceredhat-upgrade-nodejs-develredhat-upgrade-nodejs-docsredhat-upgrade-nodejs-full-i18nredhat-upgrade-nodejs-libsredhat-upgrade-nodejs-libs-debuginforedhat-upgrade-nodejs-nodemonredhat-upgrade-nodejs-packagingredhat-upgrade-nodejs-packaging-bundlerredhat-upgrade-npmredhat-upgrade-v8-12-4-devel

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report