Lucene search

K
freebsdFreeBSD28BB6EE5-9B5C-11E6-B799-19BEF72F4B7C
HistoryOct 18, 2016 - 12:00 a.m.

node.js -- ares_create_query single byte out of buffer write

2016-10-1800:00:00
vuxml.freebsd.org
3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.3%

Node.js has released new versions containing the following security fix:

The following releases all contain fixes for CVE-2016-5180 “ares_create_query single
byte out of buffer write”: Node.js v0.10.48 (Maintenance), Node.js v0.12.17 (Maintenance),
Node.js v4.6.1 (LTS “Argon”)

While this is not a critical update, all users of these release lines should upgrade at
their earliest convenience.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchnode010< 0.10.48UNKNOWN
FreeBSDanynoarchnode012< 0.12.17UNKNOWN
FreeBSDanynoarchnode4< 4.6.1UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.3%

Related for 28BB6EE5-9B5C-11E6-B799-19BEF72F4B7C