Heap-based buffer overflow in the ares_create_query function in c-ares 1.x prior to 1.12.0 allows remote malicious users to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
c-ares project c-ares 1.11.0 |
||
c-ares c-ares 1.4.0 |
||
c-ares c-ares 1.5.0 |
||
c-ares c-ares 1.0.0 |
||
c-ares c-ares 1.9.1 |
||
c-ares c-ares 1.8.0 |
||
c-ares c-ares 1.6.0 |
||
c-ares c-ares 1.5.2 |
||
c-ares c-ares 1.10.0 |
||
c-ares c-ares 1.7.1 |
||
c-ares c-ares 1.3.2 |
||
c-ares c-ares 1.5.3 |
||
c-ares c-ares 1.9.0 |
||
c-ares c-ares 1.3.0 |
||
c-ares c-ares 1.7.3 |
||
c-ares c-ares 1.7.5 |
||
c-ares c-ares 1.2.0 |
||
c-ares c-ares 1.1.0 |
||
c-ares c-ares 1.7.2 |
||
c-ares c-ares 1.7.0 |
||
c-ares c-ares 1.7.4 |
||
c-ares c-ares 1.3.1 |
||
c-ares c-ares 1.5.1 |
||
c-ares c-ares 1.2.1 |
||
debian debian linux 8.0 |
||
nodejs node.js |
||
canonical ubuntu linux 16.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 12.04 |