In c-ares before 1.12.0, When a string is passed in to ‘ares_create_query’ or ‘ares_mkquery’ and uses an escaped trailing dot, like “hello\.”, c-ares calculates the string length wrong and subsequently writes outside of the the allocated buffer with one byte. The wrongly written byte is the least significant byte of the ‘dnsclass’ argument; most commonly 1 (CVE-2016-5180).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchc-ares< 1.10.0-5.1c-ares-1.10.0-5.1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	c-ares	< 1.10.0-5.1	c-ares-1.10.0-5.1.mga5

References

bugs.mageia.org/show_bug.cgi?id=19489

c-ares.haxx.se/adv_20160929.html

fedora 7

nessus 28

gentoo 1

openvas 21

prion 1

debian 2

archlinux 1

alpinelinux 1

debiancve 1

ubuntu 1

freebsd 1

redhatcve 1

osv 1

cvelist 1

cve 1

ubuntucve 1

nodejsblog 1

ibm 1

chrome 1

altlinux 1

rosalinux 1

redhat 1

threatpost 1

androidsecurity 1

tenable 1

fedora

[SECURITY] Fedora 24 Update: c-ares-1.12.0-1.fc24

2016-10-06 00:51:43

[SECURITY] Fedora 24 Update: mingw-c-ares-1.12.0-1.fc24

2016-10-09 22:22:00

[SECURITY] Fedora 23 Update: mingw-c-ares-1.12.0-1.fc23

2016-10-10 01:20:23

nessus

Debian DSA-3682-1 : c-ares - security update

2016-10-04 00:00:00

Fedora 25 : c-ares (2016-e523c37b4d)

2016-11-15 00:00:00

openSUSE Security Update : libcares2 (openSUSE-2017-58)

2017-01-10 00:00:00

gentoo

c-ares: Heap-based buffer overflow

2017-01-11 00:00:00

openvas

Debian: Security Advisory (DLA-648-1)

2023-03-08 00:00:00

Debian Security Advisory DSA 3682-1 (c-ares - security update)

2016-10-05 00:00:00

Fedora Update for mingw-c-ares FEDORA-2016-a7f9e86df7

2016-11-14 00:00:00

prion

Heap overflow

2016-10-03 15:59:00

debian

[SECURITY] [DLA 648-1] c-ares security update

2016-10-06 18:56:09

[SECURITY] [DSA 3682-1] c-ares security update

2016-09-30 19:49:42

archlinux

[ASA-201609-31] c-ares: arbitrary code execution

2016-09-30 00:00:00

alpinelinux

CVE-2016-5180

2016-10-03 15:59:00

debiancve

CVE-2016-5180

2016-10-03 15:59:00

ubuntu

c-ares vulnerability

2016-11-30 00:00:00

freebsd

node.js -- ares_create_query single byte out of buffer write

2016-10-18 00:00:00

redhatcve

CVE-2016-5180

2016-09-29 16:47:23

osv

CVE-2016-5180

2016-10-03 15:59:00

cvelist

CVE-2016-5180

2016-10-03 15:00:00

cve

CVE-2016-5180

2016-10-03 15:59:00

ubuntucve

CVE-2016-5180

2016-10-03 00:00:00

nodejsblog

October security releases and v6 LTS "Boron" security inclusions

2016-10-15 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™

2018-08-09 04:20:36

chrome

Stable Channel Update for Chrome OS

2016-09-30 00:00:00

altlinux

Security fix for the ALT Linux 9 package c-ares version 1.13.0-alt1

2017-08-08 00:00:00

rosalinux

Advisory ROSA-SA-2021-1811

2021-07-02 16:34:46

redhat

(RHSA-2017:0002) Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update

2017-01-02 15:33:44

threatpost

Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm

2017-01-04 13:33:01

androidsecurity

Android Security Bulletin—January 2017

2017-01-03 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.045 Low

EPSS

Percentile

92.4%

JSON

Related for MGASA-2016-0351