CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.5%
Software: c-ares 1.10.0
OS: Cobalt 7.9
CVE-ID: CVE-2016-5180
CVE-Crit: CRITICAL
CVE-DESC: Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-range entry) or possibly execute arbitrary code via a hostname with an escaped endpoint.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2017-1000381
CVE-Crit: HIGH
CVE-DESC: The c-ares ares_parse_naptr_reply ()
function, which is used for parsing NAPTR responses, can be run to read memory beyond the specified input buffer if the response packet passed to DNS was created in a certain way.
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2020-8277
CVE-Crit: HIGH
CVE-DESC: A Node.js application that allows an attacker to initiate a DNS query for a host of their choice can cause a denial of service in versions <15.2.1, <14.15.1, and <12.19.1 by getting the application to resolve a DNS record with a large number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
CVE-STATUS: default
CVE-REV: default
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.5%