{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "dns_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "malicious TCP DNS server responses (FORMERR without OPT, duplicate same-qid NXDOMAIN, TCP reset) plus deterministic heap-reclaim payload supplied through c-ares public allocator API to model attacker-controlled reclaimed heap content",
  "trigger_path": "ares_getaddrinfo(AF_INET) over TCP -> read_answers() deferred ENDQUERY flush -> host_callback() reentrant next_lookup/end_hquery after TCP reset -> hquery_free() -> stale host_callback consumes forged host_query->callback/arg and executes sentinel",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": null,
  "inferred": false
}