ID CVE-2016-5180
Summary Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
References
Vulnerable Configurations
  • cpe:2.3:a:c-ares_project:c-ares:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-ares_project:c-ares:1.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:c-ares_project:c-ares:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-01-2018 - 02:30)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2017:0002
rpms
  • rh-nodejs4-http-parser-0:2.7.0-2.el6
  • rh-nodejs4-http-parser-0:2.7.0-2.el7
  • rh-nodejs4-http-parser-debuginfo-0:2.7.0-2.el6
  • rh-nodejs4-http-parser-debuginfo-0:2.7.0-2.el7
  • rh-nodejs4-http-parser-devel-0:2.7.0-2.el6
  • rh-nodejs4-http-parser-devel-0:2.7.0-2.el7
  • rh-nodejs4-nodejs-0:4.6.2-4.el6
  • rh-nodejs4-nodejs-0:4.6.2-4.el7
  • rh-nodejs4-nodejs-debuginfo-0:4.6.2-4.el6
  • rh-nodejs4-nodejs-debuginfo-0:4.6.2-4.el7
  • rh-nodejs4-nodejs-devel-0:4.6.2-4.el6
  • rh-nodejs4-nodejs-devel-0:4.6.2-4.el7
  • rh-nodejs4-nodejs-docs-0:4.6.2-4.el6
  • rh-nodejs4-nodejs-docs-0:4.6.2-4.el7
refmap via4
bid 93243
confirm
debian DSA-3682
gentoo GLSA-201701-28
ubuntu USN-3143-1
Last major update 05-01-2018 - 02:30
Published 03-10-2016 - 15:59
Last modified 05-01-2018 - 02:30
Back to Top