CVSS: 7.5EPSS: 62%CPEs: 15EXPL: 2CVE-2020-8277 – c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS
https://notcve.org/view.php?id=CVE-2020-8277
19 Nov 2020 — A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. Una aplicación Node.js que permite a un atacante desencadenar una petición DNS para un host de su elección podría desencadenar una Denegación de servicio en las versiones anteriores a 15.2.1, versione... • https://github.com/masahiro331/CVE-2020-8277 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1000381 – c-ares: NAPTR parser out of bounds access
https://notcve.org/view.php?id=CVE-2017-1000381
07 Jul 2017 — The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. La función "ares_parse_naptr_reply()" de c-ares, que es usada para analizar las respuestas NAPTR, podría ser activada para leer la memoria fuera del búfer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular. It was discovered that c-ares i... • http://www.securityfocus.com/bid/99148 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 15%CPEs: 32EXPL: 0CVE-2016-5180 – c-ares: Single byte out of buffer write
https://notcve.org/view.php?id=CVE-2016-5180
03 Oct 2016 — Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. Desbordamiento de búfer basado en memoria dinámica en la función ares_create_query en c-ares 1.x en versiones anteriores a 1.12.0 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o posiblemente ejecutar código arbitrario a t... • http://rhn.redhat.com/errata/RHSA-2017-0002.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •