Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
2016-10-03T15:59:03.270
2025-04-12T10:46:40.837
Deferred
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | c-ares | c-ares | 1.0.0 | Yes |
| Application | c-ares | c-ares | 1.1.0 | Yes |
| Application | c-ares | c-ares | 1.2.0 | Yes |
| Application | c-ares | c-ares | 1.2.1 | Yes |
| Application | c-ares | c-ares | 1.3.0 | Yes |
| Application | c-ares | c-ares | 1.3.1 | Yes |
| Application | c-ares | c-ares | 1.3.2 | Yes |
| Application | c-ares | c-ares | 1.4.0 | Yes |
| Application | c-ares | c-ares | 1.5.0 | Yes |
| Application | c-ares | c-ares | 1.5.1 | Yes |
| Application | c-ares | c-ares | 1.5.2 | Yes |
| Application | c-ares | c-ares | 1.5.3 | Yes |
| Application | c-ares | c-ares | 1.6.0 | Yes |
| Application | c-ares | c-ares | 1.7.0 | Yes |
| Application | c-ares | c-ares | 1.7.1 | Yes |
| Application | c-ares | c-ares | 1.7.2 | Yes |
| Application | c-ares | c-ares | 1.7.3 | Yes |
| Application | c-ares | c-ares | 1.7.4 | Yes |
| Application | c-ares | c-ares | 1.7.5 | Yes |
| Application | c-ares | c-ares | 1.8.0 | Yes |
| Application | c-ares | c-ares | 1.9.0 | Yes |
| Application | c-ares | c-ares | 1.9.1 | Yes |
| Application | c-ares | c-ares | 1.10.0 | Yes |
| Application | c-ares_project | c-ares | 1.11.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Application | nodejs | node.js | < 0.10.48 | Yes |
| Application | nodejs | node.js | < 0.12.17 | Yes |
| Application | nodejs | node.js | < 4.6.1 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | canonical | ubuntu_linux | 16.10 | Yes |