Forum: >>> Magnum BBS <<<

Bug#1109377: pycares: CVE-2025-48945

From =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=@21:1/5 to All on Wed Jul 16 11:30:02 2025

Package: pycares
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for pycares.

CVE-2025-48945[0]:
| pycares is a Python module which provides an interface to c-ares.
| c-ares is a C library that performs DNS requests and name
| resolutions asynchronously. Prior to version 4.9.0, pycares is
| vulnerable to a use-after-free condition that occurs when a Channel
| object is garbage collected while DNS queries are still pending.
| This results in a fatal Python error and interpreter crash. The
| vulnerability has been fixed in pycares 4.9.0 by implementing a safe
| channel destruction mechanism.

https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
Fixed by: https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4 (v4.9.0)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-48945
https://www.cve.org/CVERecord?id=CVE-2025-48945

Please adjust the affected versions in the BTS as needed.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	44:15:48
Calls:	12,111
Calls today:	2
Files:	15,010
Messages:	6,518,458