The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/99148 | Third Party Advisory VDB Entry |
https://c-ares.haxx.se/0616.patch | Mailing List Vendor Advisory |
https://c-ares.haxx.se/adv_20170620.html | Vendor Advisory |
http://www.securityfocus.com/bid/99148 | Third Party Advisory VDB Entry |
https://c-ares.haxx.se/0616.patch | Mailing List Vendor Advisory |
https://c-ares.haxx.se/adv_20170620.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/99148 - Third Party Advisory, VDB Entry | |
References | () https://c-ares.haxx.se/0616.patch - Mailing List, Vendor Advisory | |
References | () https://c-ares.haxx.se/adv_20170620.html - Vendor Advisory |
15 Sep 2023, 11:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:c-ares_project:c-ares:1.9.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.9.1:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.12.0:*:*:*:*:*:*:* |
cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.12.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:* |
First Time |
C-ares
C-ares c-ares |
Information
Published : 2017-07-07 17:29
Updated : 2024-11-21 03:04
NVD link : CVE-2017-1000381
Mitre link : CVE-2017-1000381
CVE.ORG link : CVE-2017-1000381
JSON object : View
Products Affected
c-ares_project
- c-ares
c-ares
- c-ares
nodejs
- node.js
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor