CVE-2017-1000381
c-ares: NAPTR parser out of bounds access
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
Credits: N/A
Timeline
- 2017-07-07 CVE Reserved
- 2017-07-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-125: Out-of-bounds Read
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/99148 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://c-ares.haxx.se/0616.patch | 2023-09-15 | |
https://c-ares.haxx.se/adv_20170620.html | 2023-09-15 | |
https://access.redhat.com/security/cve/CVE-2017-1000381 | 2017-10-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1463132 | 2017-10-18 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
C-ares | C-ares | 1.8.0 | - | Affected |
C-ares | C-ares | 1.9.0 | - | Affected |
C-ares | C-ares | 1.9.1 | - | Affected |
C-ares | C-ares | 1.10.0 | - | Affected |
C-ares | C-ares | 1.12.0 | - | Affected |
C-ares Project | C-ares | 1.11.0 | - | Affected |
C-ares Project | C-ares | 1.11.0 | rc1 | Affected |
Nodejs | Node.js | >= 4.0.0 <= 4.1.2 | - | Affected |
Nodejs | Node.js | >= 4.2.0 < 4.8.4 | lts | Affected |
Nodejs | Node.js | >= 5.0.0 <= 5.12.0 | - | Affected |
Nodejs | Node.js | >= 6.0.0 <= 6.8.1 | - | Affected |
Nodejs | Node.js | >= 6.9.0 < 6.11.1 | lts | Affected |
Nodejs | Node.js | >= 7.0.0 < 7.10.1 | - | Affected |
Nodejs | Node.js | >= 8.0.0 < 8.1.4 | - | Affected |