Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

References

rhn.redhat.com/errata/RHSA-2017-0002.html

www.debian.org/security/2016/dsa-3682

www.securityfocus.com/bid/93243

www.ubuntu.com/usn/USN-3143-1

c-ares.haxx.se/adv_20160929.html

c-ares.haxx.se/CVE-2016-5180.patch

googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html

security.gentoo.org/glsa/201701-28

source.android.com/security/bulletin/2017-01-01.html

nessus 31

openvas 21

fedora 7

redhatcve 1

gentoo 1

prion 1

freebsd 1

ubuntu 1

alpinelinux 1

archlinux 1

debian 2

debiancve 1

ubuntucve 1

osv 1

cve 1

mageia 1

nvd 1

ibm 1

nodejsblog 1

altlinux 1

chrome 1

rosalinux 1

redhat 1

threatpost 1

androidsecurity 1

tenable 1

nessus

Fedora 24 : mingw-c-ares (2016-a7f9e86df7)

2016-10-10 00:00:00

openSUSE Security Update : nodejs4 (openSUSE-2016-1403)

2016-12-06 00:00:00

SUSE SLED12 / SLES12 Security Update : libcares2 (SUSE-SU-2016:3286-1)

2017-01-03 00:00:00

openvas

Fedora Update for nodejs FEDORA-2016-7a3a0f0198

2016-11-14 00:00:00

Fedora Update for c-ares FEDORA-2016-7aa3c89e7b

2016-11-14 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:3287-1)

2021-06-09 00:00:00

fedora

[SECURITY] Fedora 25 Update: c-ares-1.12.0-1.fc25

2016-10-09 03:13:27

[SECURITY] Fedora 23 Update: mingw-c-ares-1.12.0-1.fc23

2016-10-10 01:20:23

[SECURITY] Fedora 23 Update: c-ares-1.12.0-1.fc23

2016-10-11 01:19:58

redhatcve

CVE-2016-5180

2016-09-29 16:47:23

gentoo

c-ares: Heap-based buffer overflow

2017-01-11 00:00:00

prion

Heap overflow

2016-10-03 15:59:00

freebsd

node.js -- ares_create_query single byte out of buffer write

2016-10-18 00:00:00

ubuntu

c-ares vulnerability

2016-11-30 00:00:00

alpinelinux

CVE-2016-5180

2016-10-03 15:59:03

archlinux

[ASA-201609-31] c-ares: arbitrary code execution

2016-09-30 00:00:00

debian

[SECURITY] [DLA 648-1] c-ares security update

2016-10-06 18:55:52

[SECURITY] [DSA 3682-1] c-ares security update

2016-09-30 19:49:24

debiancve

CVE-2016-5180

2016-10-03 15:59:03

ubuntucve

CVE-2016-5180

2016-10-03 00:00:00

osv

CVE-2016-5180

2016-10-03 15:59:00

cve

CVE-2016-5180

2016-10-03 15:59:03

mageia

Updated c-ares packages fix security vulnerability

2016-10-21 17:48:32

nvd

CVE-2016-5180

2016-10-03 15:59:03

ibm

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™

2018-08-09 04:20:36

nodejsblog

October security releases and v6 LTS "Boron" security inclusions

2016-10-15 00:00:00

altlinux

Security fix for the ALT Linux 9 package c-ares version 1.13.0-alt1

2017-08-08 00:00:00

chrome

Stable Channel Update for Chrome OS

2016-09-30 00:00:00

rosalinux

Advisory ROSA-SA-2021-1811

2021-07-02 16:34:46

redhat

(RHSA-2017:0002) Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update

2017-01-02 15:33:44

threatpost

Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm

2017-01-04 13:33:01

androidsecurity

Android Security Bulletin—January 2017

2017-01-03 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.9 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for CVELIST:CVE-2016-5180