c-ares 1.32.3 < 1.34.5 Use After Free (macOS)

high Nessus Plugin ID 234803

Synopsis

The remote host is missing a security update.

Description

The version of c-ares installed on the remote host is affected by a use-after-free vulnerability. c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query, either due to a DNS Cookie failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses.

In theory, a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, but this has not been tested. Otherwise, only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to c-ares version 1.34.5 or later.

See Also

http://www.nessus.org/u?816bce07

Plugin Details

Severity: High

ID: 234803

File Name: macos_c-ares_1_34_5.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 4/24/2025

Updated: 4/24/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v4

Risk Factor: High

Base Score: 8.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:c-ares_project:c-ares

Required KB Items: Host/MacOSX/Version, installed_sw/c-ares

Patch Publication Date: 4/8/2025

Vulnerability Publication Date: 4/8/2025

Reference Information

CVE: CVE-2025-31498

IAVA: 2025-A-0250