Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 Aug 2022, 13:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* |
|
References | (CONFIRM) https://c-ares.haxx.se/CVE-2016-5180.patch - Patch, Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-3143-1 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0002.html - Third Party Advisory | |
References | (CONFIRM) https://source.android.com/security/bulletin/2017-01-01.html - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/93243 - Broken Link, Third Party Advisory, VDB Entry | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-28 - Third Party Advisory |
Information
Published : 2016-10-03 15:59
Updated : 2024-02-04 18:53
NVD link : CVE-2016-5180
Mitre link : CVE-2016-5180
CVE.ORG link : CVE-2016-5180
JSON object : View
Products Affected
nodejs
- node.js
c-ares_project
- c-ares
canonical
- ubuntu_linux
c-ares
- c-ares
debian
- debian_linux
CWE
CWE-787
Out-of-bounds Write