How severe is CVE-2024-25629?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-25629?

This is classified as CWE-127, which is a common weakness in software security.

CVE-2024-25629 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

Related Vulnerabilities

CVE-2025-32050

MEDIUM

CVSS:5.9(Medium)

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

CWE-1272025

CVE-2024-10395

HIGH

CVSS:8.6(High)

No proper validation of the length of user input in http_server_get_content_type_from_extension.

CWE-1272024

CVE-2020-1918

HIGH

CVSS:7.5(High)

In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions...

CWE-1272020

CVE-2020-5360

HIGH

CVSS:7.5(High)

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in...

CWE-1272020

CVE-2025-32050

MEDIUM

CVSS:5.9(Medium)

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

CWE-1272025