PT-2017-3341 · C-Ares+3 · C-Ares+3

Lcatro

Published

2017-05-20

Updated

2024-06-15

CVE-2017-1000381

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions c-ares (affected versions not specified)

Description The issue is related to the ares parse naptr reply() function in the c-ares library, which is used for parsing NAPTR responses. This function could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. The vulnerability is associated with incorrect data handling when analyzing NAPTR responses, which could allow a remote attacker to cause a buffer overflow by using a specially formed DNS response.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-125

Related Identifiers

ALT-PU-2016-3244

ALT-PU-2017-1882

ALT-PU-2017-2000

ALT-PU-2018-2653

ALT-PU-2020-3198

ALT-PU-2022-3071

ALT-PU-2023-5121

BDU:2018-00106

CVE-2017-1000381

DLA-998-1

MGASA-2017-0215

MGASA-2019-0277

OPENSUSE-SU-2024:10668-1

RHSA-2017:2908

SUSE-SU-2017:1792-1

SUSE-SU-2017:2168-1

SUSE-SU-2017_1792-1

SUSE-SU-2017_2168-1

SUSE-SU-2019:14246-1

SUSE-SU-2019_14246-1

USN-3395-1

USN-4796-1

Affected Products

Alt Linux

Suse

Ubuntu

C-Ares

PT-2017-3341 · C-Ares+3 · C-Ares+3

CVE-2017-1000381

Weakness Enumeration

Related Identifiers

Affected Products

References · 590