While working on the FuzzyAI project, we identified a critical vulnerability in the pycares package, which provides Python bindings for the c-ares asynchronous DNS library (pycares is a dependency of FuzzyAI). The issue, disclosed as a use-after-free vulnerability, arises when the Channel object is garbage collected while DNS queries are still pending, potentially leading to fatal crashes or undefined behavior.
CVE Link
CVE Report
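The lifetime problem described above can be reproduced safely without the native library. This is an added example, not code from pycares or FuzzyAI: `pinned_query` is a hypothetical helper, and `FakeChannel` is a constructed stand-in that only assumes a `query(name, query_type, callback)` method with a `(result, error)` callback.

```python
import gc
import weakref

_pending = {}  # channel -> in-flight query count; the dict key is a strong ref
def _release(channel):
    _pending[channel] -= 1
    if not _pending[channel]:
        del _pending[channel]  # last query finished, so drop the pin

def pinned_query(channel, name, query_type, callback):
    """Hypothetical helper: keep `channel` alive until this query's callback ran."""
    def done(result, error):
        try:
            callback(result, error)
        finally:
            _release(channel)
    _pending[channel] = _pending.get(channel, 0) + 1
    try:
        channel.query(name, query_type, done)
    except Exception:
        _release(channel)  # nothing was queued, so nothing to wait for
        raise

class FakeChannel:
    """Constructed stand-in for a DNS channel (not pycares)."""
    def __init__(self, loop):
        self.queued = []
        loop.append(weakref.ref(self))  # like native code, the loop holds no Python ref
    def query(self, name, query_type, callback):
        self.queued.append((name, callback))

def run_loop(loop):
    for ref in loop:
        channel = ref()
        while channel is not None and channel.queued:
            name, callback = channel.queued.pop()
            callback([name + " -> 192.0.2.1"], None)  # constructed answer

def demo(pin):
    loop, answers = [], []
    channel = FakeChannel(loop)
    issue = pinned_query if pin else (lambda ch, *args: ch.query(*args))
    issue(channel, "example.test", "A", lambda result, error: answers.append(result))
    alive = weakref.ref(channel)
    del channel  # caller drops its only reference while the query is pending
    gc.collect()
    survived = alive() is not None  # False = collected with a query pending
    run_loop(loop)
    gc.collect()
    return survived, len(answers), alive() is None
```

`demo(pin=False)` shows the channel disappearing with a query still queued, while `demo(pin=True)` shows it surviving until the callback has run and being released afterwards.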