The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/99148 | Third Party Advisory VDB Entry |
https://c-ares.haxx.se/0616.patch | Mailing List Vendor Advisory |
https://c-ares.haxx.se/adv_20170620.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
15 Sep 2023, 11:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
C-ares c-ares
C-ares |
|
CPE | cpe:2.3:a:c-ares_project:c-ares:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.12.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares_project:c-ares:1.9.1:*:*:*:*:*:*:* |
cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.12.0:*:*:*:*:*:*:* cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:* |
16 Aug 2022, 13:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
|
First Time |
Nodejs
Nodejs node.js |
Information
Published : 2017-07-07 17:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-1000381
Mitre link : CVE-2017-1000381
CVE.ORG link : CVE-2017-1000381
JSON object : View
Products Affected
c-ares_project
- c-ares
nodejs
- node.js
c-ares
- c-ares
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor