{"id":"CVE-2020-14354","details":"A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.","modified":"2026-04-11T21:19:52.436998Z","published":"2021-05-13T14:15:17.503Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"},{"type":"ADVISORY","url":"https://c-ares.haxx.se/changelog.html"},{"type":"FIX","url":"https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866838"},{"type":"EVIDENCE","url":"https://packetstormsecurity.com/files/158755/GS20200804145053.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/c-ares/c-ares","events":[{"introduced":"0"},{"last_affected":"077a587dccbe2f0d8a1987fbd3525333705c2249"},{"fixed":"1cc7e83c3bdfaafbc5919c95025592d8de3a170e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.16.0"}]}}],"versions":["c-ares-1_2_0","cares-1_10_0","cares-1_11_0","cares-1_11_0-rc1","cares-1_12_0","cares-1_13_0","cares-1_14_0","cares-1_15_0","cares-1_16_0","cares-1_1_0","cares-1_2_1","cares-1_3_1","cares-1_3_2","cares-1_4_0","cares-1_5_0","cares-1_5_1","cares-1_5_2","cares-1_5_3","cares-1_6_0","cares-1_7_0","cares-1_7_1","cares-1_7_2","cares-1_7_3","cares-1_7_4","cares-1_7_5","cares-1_8_0","cares-1_9_0","cares-1_9_1","curl-7_10_8","curl-7_11_0","curl-7_11_1","curl-7_12_0","curl-7_12_1","curl-7_12_2","curl-7_13_0","curl-7_13_1","curl-7_13_2","curl-7_14_0","curl-7_14_1","curl-7_15_0","curl-7_15_1","curl-7_15_3","curl-7_15_4","curl-7_15_5","curl-7_15_6-prepipeline","curl-7_16_0","curl-7_16_1","curl-7_16_2","curl-7_16_3","curl-7_16_4","curl-7_17_0","curl-7_17_1","curl-7_18_0","curl-7_18_1","curl-7_18_2","curl-7_19_0","curl-7_19_2","curl-7_19_3","curl-7_19_4","curl-7_19_5","curl-7_19_6","curl-7_19_7","curl-7_20_0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]}],"vanir_signatures":[{"id":"CVE-2020-14354-0943984d","signature_type":"Function","deprecated":false,"source":"https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e","signature_version":"v1","target":{"function":"host_callback","file":"ares_getaddrinfo.c"},"digest":{"length":625,"function_hash":"41641729463172895225490036612231902270"}},{"id":"CVE-2020-14354-61d1432b","signature_type":"Line","deprecated":false,"source":"https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e","signature_version":"v1","target":{"file":"ares_getaddrinfo.c"},"digest":{"threshold":0.9,"line_hashes":["188514934666865950876588083814903200380","216654447602516332471211556636820849519","280935007277571070082878613853237796717","123115424187489169459219809240179726727"]}}],"vanir_signatures_modified":"2026-04-11T21:19:52Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14354.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}