cvelistv5 - cve-2025-48945

CVE-2025-48945 (GCVE-0-2025-48945)

Vulnerability from cvelistv5

Published

2025-06-20 19:14

Modified

2025-06-20 20:06

Severity ?

8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-416 - Use After Free

Summary

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.

References

►

URL

Tags

	security-advisories@github.com	https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55
	security-advisories@github.com	https://github.com/aio-libs/aiodns/releases/tag/v3.5.0
	security-advisories@github.com	https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4
	security-advisories@github.com	https://github.com/saghul/pycares/releases/tag/v4.9.0
	security-advisories@github.com	https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
	security-advisories@github.com	https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35

Impacted products

	Vendor	Product	Version
	aio-libs	aiodns	Version: < 4.9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-20T20:05:50.595661Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T20:06:23.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aiodns",
          "vendor": "aio-libs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-20T19:14:27.403Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35"
        },
        {
          "name": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35"
        },
        {
          "name": "https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55"
        },
        {
          "name": "https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4"
        },
        {
          "name": "https://github.com/aio-libs/aiodns/releases/tag/v3.5.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiodns/releases/tag/v3.5.0"
        },
        {
          "name": "https://github.com/saghul/pycares/releases/tag/v4.9.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saghul/pycares/releases/tag/v4.9.0"
        }
      ],
      "source": {
        "advisory": "GHSA-5qpg-rh4j-qp35",
        "discovery": "UNKNOWN"
      },
      "title": "pycares has a Use-After-Free Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48945",
    "datePublished": "2025-06-20T19:14:27.403Z",
    "dateReserved": "2025-05-28T18:49:07.582Z",
    "dateUpdated": "2025-06-20T20:06:23.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48945\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-20T20:15:33.570\",\"lastModified\":\"2025-06-23T20:16:21.633\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.\"},{\"lang\":\"es\",\"value\":\"Pycares es un m\u00f3dulo de Python que proporciona una interfaz para c-ares. C-ares es una librer\u00eda de C que realiza solicitudes DNS y resoluciones de nombres de forma as\u00edncrona. En versiones anteriores a la 4.9.0, Pycares era vulnerable a una condici\u00f3n de use-after-free que se produce cuando un objeto de canal se recolecta como basura mientras las consultas DNS a\u00fan est\u00e1n pendientes. Esto provoca un error fatal de Python y un fallo del int\u00e9rprete. Esta vulnerabilidad se ha corregido en Pycares 4.9.0 mediante la implementaci\u00f3n de un mecanismo seguro de destrucci\u00f3n de canales.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/aio-libs/aiodns/releases/tag/v3.5.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/saghul/pycares/releases/tag/v4.9.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48945\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-20T20:05:50.595661Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-20T20:06:00.708Z\"}}], \"cna\": {\"title\": \"pycares has a Use-After-Free Vulnerability\", \"source\": {\"advisory\": \"GHSA-5qpg-rh4j-qp35\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"aio-libs\", \"product\": \"aiodns\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.9.0\"}]}], \"references\": [{\"url\": \"https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35\", \"name\": \"https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35\", \"name\": \"https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55\", \"name\": \"https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4\", \"name\": \"https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/aio-libs/aiodns/releases/tag/v3.5.0\", \"name\": \"https://github.com/aio-libs/aiodns/releases/tag/v3.5.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/saghul/pycares/releases/tag/v4.9.0\", \"name\": \"https://github.com/saghul/pycares/releases/tag/v4.9.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-20T19:14:27.403Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48945\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-20T20:06:23.612Z\", \"dateReserved\": \"2025-05-28T18:49:07.582Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-20T19:14:27.403Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

opensuse-su-2025:15324-1

Vulnerability from csaf_opensuse

Published

2025-07-08 00:00

Modified

2025-07-08 00:00

Summary

python311-pycares-4.9.0-1.1 on GA media

Notes

Title of the patch

python311-pycares-4.9.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the python311-pycares-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15324

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python311-pycares-4.9.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python311-pycares-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15324",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15324-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48945 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48945/"
      }
    ],
    "title": "python311-pycares-4.9.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-08T00:00:00Z",
      "generator": {
        "date": "2025-07-08T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15324-1",
      "initial_release_date": "2025-07-08T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-08T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.aarch64",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.aarch64",
                  "product_id": "python311-pycares-4.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.aarch64",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.aarch64",
                  "product_id": "python312-pycares-4.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.aarch64",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.aarch64",
                  "product_id": "python313-pycares-4.9.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.ppc64le",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.ppc64le",
                  "product_id": "python311-pycares-4.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.ppc64le",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.ppc64le",
                  "product_id": "python312-pycares-4.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.ppc64le",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.ppc64le",
                  "product_id": "python313-pycares-4.9.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.s390x",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.s390x",
                  "product_id": "python311-pycares-4.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.s390x",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.s390x",
                  "product_id": "python312-pycares-4.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.s390x",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.s390x",
                  "product_id": "python313-pycares-4.9.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.x86_64",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.x86_64",
                  "product_id": "python311-pycares-4.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.x86_64",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.x86_64",
                  "product_id": "python312-pycares-4.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.x86_64",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.x86_64",
                  "product_id": "python313-pycares-4.9.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48945",
          "url": "https://www.suse.com/security/cve/CVE-2025-48945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244691 for CVE-2025-48945",
          "url": "https://bugzilla.suse.com/1244691"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-08T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-48945"
    }
  ]
}

ghsa-5qpg-rh4j-qp35

Vulnerability from github

Published

2025-06-16 16:09

Modified

2025-06-16 16:09

Summary

pycares has a Use-After-Free Vulnerability

Details

Summary

pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash.

Details

Root Cause

The vulnerability stems from improper handling of callback references when the Channel object is destroyed:

When a DNS query is initiated, pycares stores a callback reference using ffi.new_handle()
If the Channel object is garbage collected while queries are pending, the callback references become invalid
When c-ares attempts to invoke the callback, it accesses freed memory, causing a fatal error

This issue was much more likely to occur when using event_thread=True but could happen without it under the right circumstances.

Technical Details

The core issue is a race condition between Python's garbage collector and c-ares's callback execution:

When __del__ is called from within a c-ares callback context, we cannot immediately call ares_destroy() because c-ares is still executing code after the callback returns
c-ares needs to execute cleanup code after our Python callback returns (specifically at lines 1422-1429 in ares_process.c)
If we destroy the channel too quickly, c-ares accesses freed memory

Impact

Applications using pycares can be crashed remotely by triggering DNS queries that result in Channel objects being garbage collected before query completion. This is particularly problematic in scenarios where:

Channel objects are created per-request
Multiple failed DNS queries are processed rapidly
The application doesn't properly manage Channel lifecycle

The error manifests as: Fatal Python error: b_from_handle: ffi.from_handle() detected that the address passed points to garbage

Fix

The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism

Mitigation

For Application Developers

Upgrade to pycares >= 4.9.0 - This version includes the fix and requires no code changes
Best practices (optional but recommended): ```python # Explicit cleanup channel.close()

# Or use context manager with pycares.Channel() as channel: # ... use channel ... # Automatically closed ``` 3. Avoid creating Channel objects per-request - Prefer long-lived instances for better performance and safety

The fix is completely transparent - no API changes or code modifications are required.

Credit

This vulnerability was reported by @vEpiphyte through the aio-libs security program.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.8.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "pycares"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-16T16:09:47Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\npycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash.\n\n## Details\n\n### Root Cause\n\nThe vulnerability stems from improper handling of callback references when the Channel object is destroyed:\n\n1. When a DNS query is initiated, pycares stores a callback reference using `ffi.new_handle()`\n2. If the Channel object is garbage collected while queries are pending, the callback references become invalid\n3. When c-ares attempts to invoke the callback, it accesses freed memory, causing a fatal error\n\nThis issue was much more likely to occur when using `event_thread=True` but could happen without it under the right circumstances.\n\n### Technical Details\n\nThe core issue is a race condition between Python\u0027s garbage collector and c-ares\u0027s callback execution:\n\n1. When `__del__` is called from within a c-ares callback context, we cannot immediately call `ares_destroy()` because c-ares is still executing code after the callback returns\n2. c-ares needs to execute cleanup code after our Python callback returns (specifically at lines 1422-1429 in ares_process.c)\n3. If we destroy the channel too quickly, c-ares accesses freed memory\n\n### Impact\n\nApplications using `pycares` can be crashed remotely by triggering DNS queries that result in `Channel` objects being garbage collected before query completion. This is particularly problematic in scenarios where:\n\n- Channel objects are created per-request\n- Multiple failed DNS queries are processed rapidly\n- The application doesn\u0027t properly manage Channel lifecycle\n\nThe error manifests as:\n```\nFatal Python error: b_from_handle: ffi.from_handle() detected that the address passed points to garbage\n```\n\n## Fix\n\nThe vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism\n\n## Mitigation\n\n### For Application Developers\n\n1. **Upgrade to pycares \u003e= 4.9.0** - This version includes the fix and requires no code changes\n2. **Best practices** (optional but recommended):\n   ```python\n   # Explicit cleanup\n   channel.close()\n   \n   # Or use context manager\n   with pycares.Channel() as channel:\n       # ... use channel ...\n   # Automatically closed\n   ```\n3. **Avoid creating Channel objects per-request** - Prefer long-lived instances for better performance and safety\n\nThe fix is completely transparent - no API changes or code modifications are required.\n\n## Credit\n\nThis vulnerability was reported by @vEpiphyte through the aio-libs security program.",
  "id": "GHSA-5qpg-rh4j-qp35",
  "modified": "2025-06-16T16:09:47Z",
  "published": "2025-06-16T16:09:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/saghul/pycares"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "pycares has a Use-After-Free Vulnerability"
}

fkie_cve-2025-48945

Vulnerability from fkie_nvd

Published

2025-06-20 20:15

Modified

2025-06-23 20:16

Severity ?

8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Summary

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55
	security-advisories@github.com	https://github.com/aio-libs/aiodns/releases/tag/v3.5.0
	security-advisories@github.com	https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4
	security-advisories@github.com	https://github.com/saghul/pycares/releases/tag/v4.9.0
	security-advisories@github.com	https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
	security-advisories@github.com	https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism."
    },
    {
      "lang": "es",
      "value": "Pycares es un m\u00f3dulo de Python que proporciona una interfaz para c-ares. C-ares es una librer\u00eda de C que realiza solicitudes DNS y resoluciones de nombres de forma as\u00edncrona. En versiones anteriores a la 4.9.0, Pycares era vulnerable a una condici\u00f3n de use-after-free que se produce cuando un objeto de canal se recolecta como basura mientras las consultas DNS a\u00fan est\u00e1n pendientes. Esto provoca un error fatal de Python y un fallo del int\u00e9rprete. Esta vulnerabilidad se ha corregido en Pycares 4.9.0 mediante la implementaci\u00f3n de un mecanismo seguro de destrucci\u00f3n de canales."
    }
  ],
  "id": "CVE-2025-48945",
  "lastModified": "2025-06-23T20:16:21.633",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-20T20:15:33.570",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/aio-libs/aiodns/releases/tag/v3.5.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/saghul/pycares/releases/tag/v4.9.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-48945 (GCVE-0-2025-48945)

Vulnerability from cvelistv5

opensuse-su-2025:15324-1

Vulnerability from csaf_opensuse

ghsa-5qpg-rh4j-qp35

Vulnerability from github

Summary

Details

Root Cause

Technical Details

Impact

Fix

Mitigation

For Application Developers

Credit

fkie_cve-2025-48945

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature