Description

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

INFO

Published Date :

2025-12-08T22:04:08.565Z

Last Modified :

2025-12-09T16:05:06.098Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62408 vulnerability.

Vendors Products
C-ares
  • C-ares
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62408.

URL Resource
https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618 cve-icon cve-icon cve-icon
https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-62408 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-62408 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact