CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1000381 – c-ares: NAPTR parser out of bounds access
https://notcve.org/view.php?id=CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. La función "ares_parse_naptr_reply()" de c-ares, que es usada para analizar las respuestas NAPTR, podría ser activada para leer la memoria fuera del búfer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular. • http://www.securityfocus.com/bid/99148 https://c-ares.haxx.se/0616.patch https://c-ares.haxx.se/adv_20170620.html https://access.redhat.com/security/cve/CVE-2017-1000381 https://bugzilla.redhat.com/show_bug.cgi?id=1463132 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 32EXPL: 0CVE-2016-5180 – c-ares: Single byte out of buffer write
https://notcve.org/view.php?id=CVE-2016-5180
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. Desbordamiento de búfer basado en memoria dinámica en la función ares_create_query en c-ares 1.x en versiones anteriores a 1.12.0 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o posiblemente ejecutar código arbitrario a través de un nombre de host con puntos finales de fuga. A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as "hello\.") would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could potentially cause that application to crash. • http://rhn.redhat.com/errata/RHSA-2017-0002.html http://www.debian.org/security/2016/dsa-3682 http://www.securityfocus.com/bid/93243 http://www.ubuntu.com/usn/USN-3143-1 https://c-ares.haxx.se/CVE-2016-5180.patch https://c-ares.haxx.se/adv_20160929.html https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html https://security.gentoo.org/glsa/201701-28 https://source.android.com/security/bulletin/2017-01-01.html https://access&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2007-3153
https://notcve.org/view.php?id=CVE-2007-3153
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. La función ares_init:randomize_key en c-ares, sobre plataformas diferentes a windows, utiliza una facilidad debil para producir una secuencia de número aleatorio (Unix rand), la cual hace más fácil para el atacante remotos envenenar las respuestas DNS adivinando ciertos valores. • http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup http://osvdb.org/37172 http://www.securityfocus.com/bid/24386 https://exchange.xforce.ibmcloud.com/vulnerabilities/34980 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2007-3152
https://notcve.org/view.php?id=CVE-2007-3152
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. c-ares anterior a 1.4.0 utiliza un germen para el generador de númers aleatorios para el campo DNS Transaction ID, el cual podría permitir a atacantes remotos suplantar la respuesta DNS a adivinando el valor del campo. • http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup http://osvdb.org/37171 http://secunia.com/advisories/25579 http://www.securityfocus.com/bid/24386 https://exchange.xforce.ibmcloud.com/vulnerabilities/34979 •