CVE-2017-1000381 – c-ares: NAPTR parser out of bounds access
https://notcve.org/view.php?id=CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. La función "ares_parse_naptr_reply()" de c-ares, que es usada para analizar las respuestas NAPTR, podría ser activada para leer la memoria fuera del búfer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular. • http://www.securityfocus.com/bid/99148 https://c-ares.haxx.se/0616.patch https://c-ares.haxx.se/adv_20170620.html https://access.redhat.com/security/cve/CVE-2017-1000381 https://bugzilla.redhat.com/show_bug.cgi?id=1463132 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5180 – c-ares: Single byte out of buffer write
https://notcve.org/view.php?id=CVE-2016-5180
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. Desbordamiento de búfer basado en memoria dinámica en la función ares_create_query en c-ares 1.x en versiones anteriores a 1.12.0 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o posiblemente ejecutar código arbitrario a través de un nombre de host con puntos finales de fuga. A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as "hello\.") would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could potentially cause that application to crash. • http://rhn.redhat.com/errata/RHSA-2017-0002.html http://www.debian.org/security/2016/dsa-3682 http://www.securityfocus.com/bid/93243 http://www.ubuntu.com/usn/USN-3143-1 https://c-ares.haxx.se/CVE-2016-5180.patch https://c-ares.haxx.se/adv_20160929.html https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html https://security.gentoo.org/glsa/201701-28 https://source.android.com/security/bulletin/2017-01-01.html https://access • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •