ID CVE-2016-5180
Summary Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
References
Vulnerable Configurations
  • c-ares Project c-ares 1.0.0
    cpe:2.3:a:c-ares_project:c-ares:1.0.0
  • c-ares Project c-ares 1.1.0
    cpe:2.3:a:c-ares_project:c-ares:1.1.0
  • c-ares Project c-ares 1.2.0
    cpe:2.3:a:c-ares_project:c-ares:1.2.0
  • c-ares Project c-ares 1.2.1
    cpe:2.3:a:c-ares_project:c-ares:1.2.1
  • c-ares Project c-ares 1.3.0
    cpe:2.3:a:c-ares_project:c-ares:1.3.0
  • c-ares Project c-ares 1.3.1
    cpe:2.3:a:c-ares_project:c-ares:1.3.1
  • c-ares Project c-ares 1.3.2
    cpe:2.3:a:c-ares_project:c-ares:1.3.2
  • c-ares Project c-ares 1.4.0
    cpe:2.3:a:c-ares_project:c-ares:1.4.0
  • c-ares Project c-ares 1.5.0
    cpe:2.3:a:c-ares_project:c-ares:1.5.0
  • c-ares Project c-ares 1.5.1
    cpe:2.3:a:c-ares_project:c-ares:1.5.1
  • c-ares Project c-ares 1.5.2
    cpe:2.3:a:c-ares_project:c-ares:1.5.2
  • c-ares Project c-ares 1.5.3
    cpe:2.3:a:c-ares_project:c-ares:1.5.3
  • c-ares Project c-ares 1.6.0
    cpe:2.3:a:c-ares_project:c-ares:1.6.0
  • c-ares Project c-ares 1.7.0
    cpe:2.3:a:c-ares_project:c-ares:1.7.0
  • c-ares Project c-ares 1.7.1
    cpe:2.3:a:c-ares_project:c-ares:1.7.1
  • c-ares Project c-ares 1.7.2
    cpe:2.3:a:c-ares_project:c-ares:1.7.2
  • c-ares Project c-ares 1.7.3
    cpe:2.3:a:c-ares_project:c-ares:1.7.3
  • c-ares Project c-ares 1.7.4
    cpe:2.3:a:c-ares_project:c-ares:1.7.4
  • c-ares Project c-ares 1.7.5
    cpe:2.3:a:c-ares_project:c-ares:1.7.5
  • c-ares Project c-ares 1.8.0
    cpe:2.3:a:c-ares_project:c-ares:1.8.0
  • c-ares Project c-ares 1.9.0
    cpe:2.3:a:c-ares_project:c-ares:1.9.0
  • c-ares Project c-ares 1.9.1
    cpe:2.3:a:c-ares_project:c-ares:1.9.1
  • c-ares Project c-ares 1.10.0
    cpe:2.3:a:c-ares_project:c-ares:1.10.0
  • c-ares Project c-ares 1.11.0
    cpe:2.3:a:c-ares_project:c-ares:1.11.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 7.5 (as of 03-10-2016 - 13:28)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_28BB6EE59B5C11E6B79919BEF72F4B7C.NASL
    description Node.js has released new versions containing the following security fix : The following releases all contain fixes for CVE-2016-5180 'ares_create_query single byte out of buffer write': Node.js v0.10.48 (Maintenance), Node.js v0.12.17 (Maintenance), Node.js v4.6.1 (LTS 'Argon') While this is not a critical update, all users of these release lines should upgrade at their earliest convenience.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94416
    published 2016-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94416
    title FreeBSD : node.js -- ares_create_query single byte out of buffer write (28bb6ee5-9b5c-11e6-b799-19bef72f4b7c)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-4F34F26649.NASL
    description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-11-15
    plugin id 94805
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94805
    title Fedora 25 : mingw-c-ares (2016-4f34f26649)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3286-1.NASL
    description This update for libcares2 fixes the following issues : - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96255
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96255
    title SUSE SLED12 / SLES12 Security Update : libcares2 (SUSE-SU-2016:3286-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2898-1.NASL
    description This update for nodejs4 fixes the following issues: Security issues fixed : - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728). Bug fixes : - bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119986
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119986
    title SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2898-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3143-1.NASL
    description Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95428
    published 2016-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95428
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : c-ares vulnerability (USN-3143-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1373.NASL
    description This update for libcares2 fixes the following issues : - ares_create_query() single byte out of buffer write (CVE-2016-5180, boo#1007728)
    last seen 2019-02-21
    modified 2016-12-02
    plugin id 95463
    published 2016-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95463
    title openSUSE Security Update : libcares2 (openSUSE-2016-1373)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1403.NASL
    description This update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728). Bug fixes : - bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-12-06
    plugin id 95557
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95557
    title openSUSE Security Update : nodejs4 (openSUSE-2016-1403)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-A7F9E86DF7.NASL
    description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 93926
    published 2016-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93926
    title Fedora 24 : mingw-c-ares (2016-a7f9e86df7)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-66D9389548.NASL
    description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 93920
    published 2016-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93920
    title Fedora 23 : mingw-c-ares (2016-66d9389548)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-58.NASL
    description This update for libcares2 fixes the following issues : - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 96379
    published 2017-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96379
    title openSUSE Security Update : libcares2 (openSUSE-2017-58)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-1CC00CDE2D.NASL
    description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 93874
    published 2016-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93874
    title Fedora 24 : c-ares (2016-1cc00cde2d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E523C37B4D.NASL
    description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-11-15
    plugin id 94872
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94872
    title Fedora 25 : c-ares (2016-e523c37b4d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-7A3A0F0198.NASL
    description Update to 4.6.1 (security) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-31
    plugin id 94414
    published 2016-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94414
    title Fedora 24 : 1:nodejs (2016-7a3a0f0198)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3682.NASL
    description Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library, would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 93836
    published 2016-10-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93836
    title Debian DSA-3682-1 : c-ares - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3287-1.NASL
    description This update for libcares2 fixes the following issues : - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96256
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96256
    title SUSE SLES11 Security Update : libcares2 (SUSE-SU-2016:3287-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-648.NASL
    description Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library, would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution. For Debian 7 'Wheezy', these problems have been fixed in version 1.9.1-3+deb7u1. We recommend that you upgrade your c-ares packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 93900
    published 2016-10-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93900
    title Debian DLA-648-1 : c-ares security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-7AA3C89E7B.NASL
    description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 93976
    published 2016-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93976
    title Fedora 23 : c-ares (2016-7aa3c89e7b)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-28 (c-ares: Heap-based buffer overflow) A hostname with an escaped trailing dot (such as “hello\\.”) would have its size calculated incorrectly leading to a single byte written beyond the end of a buffer on the heap. Impact : A remote attacker, able to provide a specially crafted hostname to an application using c-ares, could potentially cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-01-12
    plugin id 96422
    published 2017-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96422
    title GLSA-201701-28 : c-ares: Heap-based buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1277.NASL
    description This update for nodejs fixes the following issues : - New upstream LTS version 4.6.1 - c-ares : + CVE-2016-5180: fix for single-byte buffer overwrite - Fix nodejs-libpath.patch so ppc doesn't fail to build
    last seen 2018-09-02
    modified 2016-11-10
    plugin id 94664
    published 2016-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94664
    title openSUSE Security Update : nodejs (openSUSE-2016-1277)
redhat via4
advisories
rhsa
id RHSA-2017:0002
refmap via4
bid 93243
confirm
debian DSA-3682
gentoo GLSA-201701-28
ubuntu USN-3143-1
Last major update 06-01-2017 - 22:00
Published 03-10-2016 - 11:59
Last modified 04-01-2018 - 21:30