Описание
The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | c-ares | Will not fix | ||
| Red Hat Enterprise Linux 6 | c-ares | Will not fix | ||
| Red Hat Enterprise Linux 7 | c-ares | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | nodejs | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | nodejs010-nodejs | Will not fix | ||
| Red Hat OpenShift Enterprise 3 | nodejs | Will not fix | ||
| Red Hat Software Collections | nodejs010-c-ares | Will not fix | ||
| Red Hat Software Collections | nodejs010-nodejs | Not affected | ||
| Red Hat Software Collections | rh-nodejs4-nodejs | Will not fix | ||
| Red Hat Software Collections | rh-nodejs6-nodejs | Affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
The c-ares function `ares_parse_naptr_reply()`, which is used for pars ...
6.5 Medium
CVSS3