Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

CPENameOperatorVersion
nodejseq4.4.3-r0
nodejseq4.4.4-r0
nodejseq4.4.5-r0
nodejseq4.4.7-r0
nodejseq4.5.0-r0

Name	Operator	Version
nodejs	eq	4.4.3-r0
nodejs	eq	4.4.4-r0
nodejs	eq	4.4.5-r0
nodejs	eq	4.4.7-r0
nodejs	eq	4.5.0-r0

References

rhn.redhat.com/errata/RHSA-2017-0002.html

www.debian.org/security/2016/dsa-3682

www.securityfocus.com/bid/93243

www.ubuntu.com/usn/USN-3143-1

c-ares.haxx.se/adv_20160929.html

c-ares.haxx.se/CVE-2016-5180.patch

googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html

security.gentoo.org/glsa/201701-28

source.android.com/security/bulletin/2017-01-01.html

nessus 31

gentoo 1

fedora 7

openvas 21

prion 1

redhatcve 1

archlinux 1

freebsd 1

ubuntu 1

alpinelinux 1

debian 2

debiancve 1

ubuntucve 1

cve 1

cvelist 1

mageia 1

nvd 1

nodejsblog 1

ibm 1

altlinux 1

chrome 1

rosalinux 1

redhat 1

threatpost 1

androidsecurity 1

tenable 1

nessus

FreeBSD : node.js -- ares_create_query single byte out of buffer write (28bb6ee5-9b5c-11e6-b799-19bef72f4b7c)

2016-10-31 00:00:00

Fedora 25 : c-ares (2016-e523c37b4d)

2016-11-15 00:00:00

openSUSE Security Update : libcares2 (openSUSE-2017-58)

2017-01-10 00:00:00

gentoo

c-ares: Heap-based buffer overflow

2017-01-11 00:00:00

fedora

[SECURITY] Fedora 24 Update: c-ares-1.12.0-1.fc24

2016-10-06 00:51:43

[SECURITY] Fedora 25 Update: c-ares-1.12.0-1.fc25

2016-10-09 03:13:27

[SECURITY] Fedora 23 Update: mingw-c-ares-1.12.0-1.fc23

2016-10-10 01:20:23

openvas

Debian: Security Advisory (DLA-648-1)

2023-03-08 00:00:00

Fedora Update for nodejs FEDORA-2016-7a3a0f0198

2016-11-14 00:00:00

Fedora Update for c-ares FEDORA-2016-7aa3c89e7b

2016-11-14 00:00:00

prion

Heap overflow

2016-10-03 15:59:00

redhatcve

CVE-2016-5180

2016-09-29 16:47:23

archlinux

[ASA-201609-31] c-ares: arbitrary code execution

2016-09-30 00:00:00

freebsd

node.js -- ares_create_query single byte out of buffer write

2016-10-18 00:00:00

ubuntu

c-ares vulnerability

2016-11-30 00:00:00

alpinelinux

CVE-2016-5180

2016-10-03 15:59:03

debian

[SECURITY] [DLA 648-1] c-ares security update

2016-10-06 18:55:52

[SECURITY] [DSA 3682-1] c-ares security update

2016-09-30 19:49:24

debiancve

CVE-2016-5180

2016-10-03 15:59:03

ubuntucve

CVE-2016-5180

2016-10-03 00:00:00

cve

CVE-2016-5180

2016-10-03 15:59:03

cvelist

CVE-2016-5180

2016-10-03 15:00:00

mageia

Updated c-ares packages fix security vulnerability

2016-10-21 17:48:32

nvd

CVE-2016-5180

2016-10-03 15:59:03

nodejsblog

October security releases and v6 LTS "Boron" security inclusions

2016-10-15 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™

2018-08-09 04:20:36

altlinux

Security fix for the ALT Linux 9 package c-ares version 1.13.0-alt1

2017-08-08 00:00:00

chrome

Stable Channel Update for Chrome OS

2016-09-30 00:00:00

rosalinux

Advisory ROSA-SA-2021-1811

2021-07-02 16:34:46

redhat

(RHSA-2017:0002) Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update

2017-01-02 15:33:44

threatpost

Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm

2017-01-04 13:33:01

androidsecurity

Android Security Bulletin—January 2017

2017-01-03 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for OSV:CVE-2016-5180