What is CVE-2020-14354?

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

What is the severity of CVE-2020-14354?

CVE-2020-14354 has a CVSS v3 score of 3.3, which is classified as Low severity.

Is there an exploit available for CVE-2020-14354?

Yes, there are known exploits available for CVE-2020-14354. Immediate patching is recommended.

Is there a patch available for CVE-2020-14354?

Yes, patches are available for CVE-2020-14354. Check the vendor advisories for update instructions.

CVE-2020-14354 - CVE Details, Severity, and Analysis

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Vendor	Product
Fedoraproject	Fedora
C Ares	C Ares

CVE-2020-14354 - CVE Details, Severity, and Analysis | Strobes VI