Lucene search

K
cveChromeCVE-2016-5180
HistoryOct 03, 2016 - 3:59 p.m.

CVE-2016-5180

2016-10-0315:59:03
CWE-787
Chrome
web.nvd.nist.gov
115
2
cve
2016
5180
heap-based
buffer overflow
c-ares
denial of service
out-of-bounds write
arbitrary code
hostname

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.045

Percentile

92.5%

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

Affected configurations

Nvd
Node
c-aresc-aresMatch1.0.0
OR
c-aresc-aresMatch1.1.0
OR
c-aresc-aresMatch1.2.0
OR
c-aresc-aresMatch1.2.1
OR
c-aresc-aresMatch1.3.0
OR
c-aresc-aresMatch1.3.1
OR
c-aresc-aresMatch1.3.2
OR
c-aresc-aresMatch1.4.0
OR
c-aresc-aresMatch1.5.0
OR
c-aresc-aresMatch1.5.1
OR
c-aresc-aresMatch1.5.2
OR
c-aresc-aresMatch1.5.3
OR
c-aresc-aresMatch1.6.0
OR
c-aresc-aresMatch1.7.0
OR
c-aresc-aresMatch1.7.1
OR
c-aresc-aresMatch1.7.2
OR
c-aresc-aresMatch1.7.3
OR
c-aresc-aresMatch1.7.4
OR
c-aresc-aresMatch1.7.5
OR
c-aresc-aresMatch1.8.0
OR
c-aresc-aresMatch1.9.0
OR
c-aresc-aresMatch1.9.1
OR
c-aresc-aresMatch1.10.0
OR
c-ares_projectc-aresMatch1.11.0
Node
debiandebian_linuxMatch8.0
Node
nodejsnode.jsRange0.10.0โ€“0.10.48
OR
nodejsnode.jsRange0.12.0โ€“0.12.17
OR
nodejsnode.jsRange4.0.0โ€“4.6.1
Node
canonicalubuntu_linuxMatch12.04-
OR
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch16.10
VendorProductVersionCPE
c-aresc-ares1.9.0cpe:/a:c-ares:c-ares:1.9.0:::
c-aresc-ares1.3.2cpe:/a:c-ares:c-ares:1.3.2:::
c-aresc-ares1.0.0cpe:/a:c-ares:c-ares:1.0.0:::
c-aresc-ares1.1.0cpe:/a:c-ares:c-ares:1.1.0:::
c-aresc-ares1.7.1cpe:/a:c-ares:c-ares:1.7.1:::
c-aresc-ares1.5.3cpe:/a:c-ares:c-ares:1.5.3:::
c-aresc-ares1.3.0cpe:/a:c-ares:c-ares:1.3.0:::
c-aresc-ares1.7.3cpe:/a:c-ares:c-ares:1.7.3:::
c-aresc-ares1.7.5cpe:/a:c-ares:c-ares:1.7.5:::
c-aresc-ares1.6.0cpe:/a:c-ares:c-ares:1.6.0:::
Rows per page:
1-10 of 241

Social References

More

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.045

Percentile

92.5%