CVE-2025-31498

Use After Free

Published: Apr 08, 2025 | Modified: Apr 08, 2025
CVSS 3.x: N/A
Source: NVD
CVSS 2.x:
RedHat/V2:
RedHat/V3: 7 MODERATE (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
Ubuntu: MEDIUM

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions; this has not been tested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
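The lifetime problem described above, reduced to a small model (an added example, not c-ares source code; every name in it is hypothetical). Closing a connection only clears a flag here, so the reader loop's stale access can be counted safely. The deferred-close variant shows one general remedy for this class of bug and is not claimed to be the upstream patch.

```c
#include <stdbool.h>

/* Simplified model of the lifetime bug; NOT c-ares source. All names are
 * hypothetical. "Closing" only clears a flag here, so the stale access can
 * be counted safely instead of touching freed memory. */
typedef struct {
    bool open;          /* false once closed (stands in for free()) */
    bool close_pending; /* hardened variant: close requested, not yet done */
    int  buffered;      /* responses still waiting to be dequeued */
    int  stale_uses;    /* handle accesses made after close */
} conn_t;

/* Reader's view of the handle; in real code this dereference is the UAF. */
static bool conn_has_data(conn_t *c) {
    if (!c->open) { c->stale_uses++; return false; }
    return c->buffered > 0;
}

/* Re-enqueue a query whose retransmit fails (send()/write() error). */
static void requeue_send_failed(conn_t *c, bool defer_close) {
    if (defer_close) c->close_pending = true; /* reader still owns c */
    else             c->open = false;         /* closed under the reader */
}

/* Dequeue buffered responses; response number fail_at needs a requeue
 * and the retransmit fails. Returns how many responses were handled. */
int read_answers_model(conn_t *c, int fail_at, bool defer_close) {
    int handled = 0;
    while (conn_has_data(c)) {
        c->buffered--;
        if (handled++ == fail_at) requeue_send_failed(c, defer_close);
        if (c->close_pending) break; /* stop using a doomed connection */
    }
    if (c->close_pending) { /* close only after the loop is done with c */
        c->open = false;
        c->close_pending = false;
    }
    return handled;
}

/* Run one constructed scenario and report accesses made after close. */
int stale_uses_after(int buffered, int fail_at, bool defer_close) {
    conn_t c = { true, false, buffered, 0 };
    read_answers_model(&c, fail_at, defer_close);
    return c.stale_uses;
}
```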

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name | Vendor | Start Version | End Version
Red Hat Enterprise Linux 10 | RedHat | nodejs22-1:22.15.0-1.el10_0 | *
Red Hat Enterprise Linux 8 | RedHat | nodejs:22-8100020250429143334.6d880403 | *
Red Hat Enterprise Linux 8 | RedHat | nodejs:20-8100020250425153222.489197e6 | *
Red Hat Enterprise Linux 9 | RedHat | nodejs:20-9060020250425155626.rhel9 | *
Red Hat Enterprise Linux 9 | RedHat | nodejs:22-9060020250428105352.rhel9 | *
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | nodejs:20-9040020250506133952.rhel9 | *
C-ares | Ubuntu | oracular | *
C-ares | Ubuntu | plucky | *
C-ares | Ubuntu | upstream | *

Potential Mitigations

References