cvelistv5 - cve-2025-48945

CVE-2025-48945 (GCVE-0-2025-48945)

Vulnerability from cvelistv5 – Published: 2025-06-20 19:14 – Updated: 2025-06-20 20:06

Summary

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-416 - Use After Free

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	aio-libs	aiodns	Affected: < 4.9.0

GHSA-5QPG-RH4J-QP35

Vulnerability from github – Published: 2025-06-16 16:09 – Updated: 2025-06-16 16:09

Summary

pycares has a Use-After-Free Vulnerability

Details

Summary

pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash.

Details

Root Cause

The vulnerability stems from improper handling of callback references when the Channel object is destroyed:

When a DNS query is initiated, pycares stores a callback reference using ffi.new_handle()
If the Channel object is garbage collected while queries are pending, the callback references become invalid
When c-ares attempts to invoke the callback, it accesses freed memory, causing a fatal error

This issue was much more likely to occur when using event_thread=True but could happen without it under the right circumstances.

Technical Details

The core issue is a race condition between Python's garbage collector and c-ares's callback execution:

When __del__ is called from within a c-ares callback context, we cannot immediately call ares_destroy() because c-ares is still executing code after the callback returns
c-ares needs to execute cleanup code after our Python callback returns (specifically at lines 1422-1429 in ares_process.c)
If we destroy the channel too quickly, c-ares accesses freed memory

Impact

Applications using pycares can be crashed remotely by triggering DNS queries that result in Channel objects being garbage collected before query completion. This is particularly problematic in scenarios where:

Channel objects are created per-request
Multiple failed DNS queries are processed rapidly
The application doesn't properly manage Channel lifecycle

The error manifests as:

Fatal Python error: b_from_handle: ffi.from_handle() detected that the address passed points to garbage

Fix

The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism

Mitigation

For Application Developers

Upgrade to pycares >= 4.9.0 - This version includes the fix and requires no code changes
Best practices (optional but recommended): ```python # Explicit cleanup channel.close()

# Or use context manager with pycares.Channel() as channel: # ... use channel ... # Automatically closed ``` 3. Avoid creating Channel objects per-request - Prefer long-lived instances for better performance and safety

The fix is completely transparent - no API changes or code modifications are required.

Credit

This vulnerability was reported by @vEpiphyte through the aio-libs security program.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.8.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "pycares"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-16T16:09:47Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\npycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash.\n\n## Details\n\n### Root Cause\n\nThe vulnerability stems from improper handling of callback references when the Channel object is destroyed:\n\n1. When a DNS query is initiated, pycares stores a callback reference using `ffi.new_handle()`\n2. If the Channel object is garbage collected while queries are pending, the callback references become invalid\n3. When c-ares attempts to invoke the callback, it accesses freed memory, causing a fatal error\n\nThis issue was much more likely to occur when using `event_thread=True` but could happen without it under the right circumstances.\n\n### Technical Details\n\nThe core issue is a race condition between Python\u0027s garbage collector and c-ares\u0027s callback execution:\n\n1. When `__del__` is called from within a c-ares callback context, we cannot immediately call `ares_destroy()` because c-ares is still executing code after the callback returns\n2. c-ares needs to execute cleanup code after our Python callback returns (specifically at lines 1422-1429 in ares_process.c)\n3. If we destroy the channel too quickly, c-ares accesses freed memory\n\n### Impact\n\nApplications using `pycares` can be crashed remotely by triggering DNS queries that result in `Channel` objects being garbage collected before query completion. This is particularly problematic in scenarios where:\n\n- Channel objects are created per-request\n- Multiple failed DNS queries are processed rapidly\n- The application doesn\u0027t properly manage Channel lifecycle\n\nThe error manifests as:\n```\nFatal Python error: b_from_handle: ffi.from_handle() detected that the address passed points to garbage\n```\n\n## Fix\n\nThe vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism\n\n## Mitigation\n\n### For Application Developers\n\n1. **Upgrade to pycares \u003e= 4.9.0** - This version includes the fix and requires no code changes\n2. **Best practices** (optional but recommended):\n   ```python\n   # Explicit cleanup\n   channel.close()\n   \n   # Or use context manager\n   with pycares.Channel() as channel:\n       # ... use channel ...\n   # Automatically closed\n   ```\n3. **Avoid creating Channel objects per-request** - Prefer long-lived instances for better performance and safety\n\nThe fix is completely transparent - no API changes or code modifications are required.\n\n## Credit\n\nThis vulnerability was reported by @vEpiphyte through the aio-libs security program.",
  "id": "GHSA-5qpg-rh4j-qp35",
  "modified": "2025-06-16T16:09:47Z",
  "published": "2025-06-16T16:09:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/saghul/pycares"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "pycares has a Use-After-Free Vulnerability"
}

OPENSUSE-SU-2025:15324-1

Vulnerability from csaf_opensuse - Published: 2025-07-08 00:00 - Updated: 2025-07-08 00:00

Summary

python311-pycares-4.9.0-1.1 on GA media

Notes

Title of the patch

python311-pycares-4.9.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the python311-pycares-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15324

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python311-pycares-4.9.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python311-pycares-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15324",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15324-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48945 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48945/"
      }
    ],
    "title": "python311-pycares-4.9.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-08T00:00:00Z",
      "generator": {
        "date": "2025-07-08T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15324-1",
      "initial_release_date": "2025-07-08T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-08T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.aarch64",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.aarch64",
                  "product_id": "python311-pycares-4.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.aarch64",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.aarch64",
                  "product_id": "python312-pycares-4.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.aarch64",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.aarch64",
                  "product_id": "python313-pycares-4.9.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.ppc64le",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.ppc64le",
                  "product_id": "python311-pycares-4.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.ppc64le",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.ppc64le",
                  "product_id": "python312-pycares-4.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.ppc64le",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.ppc64le",
                  "product_id": "python313-pycares-4.9.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.s390x",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.s390x",
                  "product_id": "python311-pycares-4.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.s390x",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.s390x",
                  "product_id": "python312-pycares-4.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.s390x",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.s390x",
                  "product_id": "python313-pycares-4.9.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.9.0-1.1.x86_64",
                "product": {
                  "name": "python311-pycares-4.9.0-1.1.x86_64",
                  "product_id": "python311-pycares-4.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-pycares-4.9.0-1.1.x86_64",
                "product": {
                  "name": "python312-pycares-4.9.0-1.1.x86_64",
                  "product_id": "python312-pycares-4.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-pycares-4.9.0-1.1.x86_64",
                "product": {
                  "name": "python313-pycares-4.9.0-1.1.x86_64",
                  "product_id": "python313-pycares-4.9.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64"
        },
        "product_reference": "python311-pycares-4.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-pycares-4.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64"
        },
        "product_reference": "python312-pycares-4.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-pycares-4.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
        },
        "product_reference": "python313-pycares-4.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x",
          "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48945",
          "url": "https://www.suse.com/security/cve/CVE-2025-48945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244691 for CVE-2025-48945",
          "url": "https://bugzilla.suse.com/1244691"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-pycares-4.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-pycares-4.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-08T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-48945"
    }
  ]
}

SUSE-SU-2025:03354-1

Vulnerability from csaf_suse - Published: 2025-09-25 13:29 - Updated: 2025-09-25 13:29

Summary

Security update for python-pycares

Notes

Title of the patch

Security update for python-pycares

Description of the patch

This update for python-pycares fixes the following issues: Update to version 4.10.0 (jsc#PED-13442): - CVE-2025-48945: Fixed use-after-free vulnerability may have led to a crash (bsc#1244691).

Patchnames

SUSE-2025-3354,SUSE-SLE-Module-Python3-15-SP6-2025-3354,SUSE-SLE-Module-Python3-15-SP7-2025-3354,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3354,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3354,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3354,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3354,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3354,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3354,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3354,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3354,openSUSE-SLE-15.6-2025-3354

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python-pycares",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python-pycares fixes the following issues:\n\nUpdate to version 4.10.0 (jsc#PED-13442):  \n    \n- CVE-2025-48945: Fixed use-after-free vulnerability may have led to a crash (bsc#1244691).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3354,SUSE-SLE-Module-Python3-15-SP6-2025-3354,SUSE-SLE-Module-Python3-15-SP7-2025-3354,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3354,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3354,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3354,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3354,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3354,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3354,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3354,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3354,openSUSE-SLE-15.6-2025-3354",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03354-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:03354-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503354-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:03354-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022640.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244691",
        "url": "https://bugzilla.suse.com/1244691"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48945 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48945/"
      }
    ],
    "title": "Security update for python-pycares",
    "tracking": {
      "current_release_date": "2025-09-25T13:29:37Z",
      "generator": {
        "date": "2025-09-25T13:29:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:03354-1",
      "initial_release_date": "2025-09-25T13:29:37Z",
      "revision_history": [
        {
          "date": "2025-09-25T13:29:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
                "product": {
                  "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
                  "product_id": "python311-pycares-4.10.0-150400.9.8.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.10.0-150400.9.8.1.i586",
                "product": {
                  "name": "python311-pycares-4.10.0-150400.9.8.1.i586",
                  "product_id": "python311-pycares-4.10.0-150400.9.8.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
                "product": {
                  "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
                  "product_id": "python311-pycares-4.10.0-150400.9.8.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.10.0-150400.9.8.1.s390x",
                "product": {
                  "name": "python311-pycares-4.10.0-150400.9.8.1.s390x",
                  "product_id": "python311-pycares-4.10.0-150400.9.8.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
                "product": {
                  "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
                  "product_id": "python311-pycares-4.10.0-150400.9.8.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
                  "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-python3:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.s390x"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.s390x"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.aarch64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.ppc64le"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.s390x"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-pycares-4.10.0-150400.9.8.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        },
        "product_reference": "python311-pycares-4.10.0-150400.9.8.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.x86_64",
          "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.aarch64",
          "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
          "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.s390x",
          "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48945",
          "url": "https://www.suse.com/security/cve/CVE-2025-48945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244691 for CVE-2025-48945",
          "url": "https://bugzilla.suse.com/1244691"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1.x86_64",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.aarch64",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.ppc64le",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.s390x",
            "openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-25T13:29:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-48945"
    }
  ]
}

FKIE_CVE-2025-48945

Vulnerability from fkie_nvd - Published: 2025-06-20 20:15 - Updated: 2025-06-23 20:16

Severity ?

8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55
	security-advisories@github.com	https://github.com/aio-libs/aiodns/releases/tag/v3.5.0
	security-advisories@github.com	https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4
	security-advisories@github.com	https://github.com/saghul/pycares/releases/tag/v4.9.0
	security-advisories@github.com	https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism."
    },
    {
      "lang": "es",
      "value": "Pycares es un m\u00f3dulo de Python que proporciona una interfaz para c-ares. C-ares es una librer\u00eda de C que realiza solicitudes DNS y resoluciones de nombres de forma as\u00edncrona. En versiones anteriores a la 4.9.0, Pycares era vulnerable a una condici\u00f3n de use-after-free que se produce cuando un objeto de canal se recolecta como basura mientras las consultas DNS a\u00fan est\u00e1n pendientes. Esto provoca un error fatal de Python y un fallo del int\u00e9rprete. Esta vulnerabilidad se ha corregido en Pycares 4.9.0 mediante la implementaci\u00f3n de un mecanismo seguro de destrucci\u00f3n de canales."
    }
  ],
  "id": "CVE-2025-48945",
  "lastModified": "2025-06-23T20:16:21.633",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-20T20:15:33.570",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/aio-libs/aiodns/commit/f259a6e3650555157af53ac2b39f2ff545321d55"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/aio-libs/aiodns/releases/tag/v3.5.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/saghul/pycares/releases/tag/v4.9.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-48945 (GCVE-0-2025-48945)

GHSA-5QPG-RH4J-QP35

Summary

Details

Root Cause

Technical Details

Impact

Fix

Mitigation

For Application Developers

Credit

OPENSUSE-SU-2025:15324-1

SUSE-SU-2025:03354-1

FKIE_CVE-2025-48945

Tags

Sightings

Nomenclature