Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-5180

Опубликовано: 29 сент. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 5
EPSS Средний

Описание

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as "hello.") would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could potentially cause that application to crash.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5c-aresWill not fix
Red Hat Enterprise Linux 6c-aresWill not fix
Red Hat Enterprise Linux 7c-aresWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational ToolsnodejsUnder investigation
Red Hat OpenShift Enterprise 2nodejs010-nodejsNot affected
Red Hat OpenShift Enterprise 3nodejsNot affected
Red Hat Software Collectionsnodejs010-c-aresWill not fix
Red Hat Software Collectionsnodejs010-nodejsWill not fix
Red Hat Software Collectionsrh-nodejs6-nodejsNot affected
Red Hat Software Collectionsrh-nodejs8-nodejsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-193->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1380463c-ares: Single byte out of buffer write

EPSS

Процентиль: 96%
0.22414
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-5180

CVSS3: 9.8
ubuntu
больше 8 лет назад

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

nvd логотип

CVE-2016-5180

CVSS3: 9.8
nvd
больше 8 лет назад

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

debian логотип

CVE-2016-5180

CVSS3: 9.8
debian
больше 8 лет назад

Heap-based buffer overflow in the ares_create_query function in c-ares ...

suse-cvrf логотип

openSUSE-SU-2017:0082-1

suse-cvrf
больше 8 лет назад

Security update for libcares2

suse-cvrf логотип

openSUSE-SU-2016:3006-1

suse-cvrf
больше 8 лет назад

Security update for nodejs4

EPSS

Процентиль: 96%
0.22414
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2