The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/99148 | Third Party Advisory VDB Entry |
https://c-ares.haxx.se/0616.patch | Mailing List Vendor Advisory |
https://c-ares.haxx.se/adv_20170620.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
15 Sep 2023, 11:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:c-ares_project:c-ares:1.9.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.9.1:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.12.0:*:*:*:*:*:*:* |
cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.12.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:* |
First Time |
C-ares
C-ares c-ares |
Information
Published : 2017-07-07 17:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-1000381
Mitre link : CVE-2017-1000381
CVE.ORG link : CVE-2017-1000381
JSON object : View
Products Affected
nodejs
- node.js
c-ares_project
- c-ares
c-ares
- c-ares
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor