Описание
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| c-ares | fixed | 1.12.0-4 | package | |
| c-ares | fixed | 1.12.0-1+deb9u1 | stretch | package |
| c-ares | fixed | 1.10.0-2+deb8u2 | jessie | package |
Примечания
https://c-ares.haxx.se/adv_20170620.html
Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
EPSS
Связанные уязвимости
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
EPSS