CVE-2020-14354

Severity CVSS v4.0:
Pending analysis
Type:
CWE-415 Double Free
Publication date:
13/05/2021
Last modified:
07/11/2023

Description

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:c-ares:c-ares:1.16.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*