Candidate: CVE-2017-9454
PublicDate: 2017-08-18 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9454
 https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
 https://list.resiprocate.org/archive/resiprocate-users/msg02700.html
Description:
 Buffer overflow in the ares_parse_a_reply function in the embedded ares
 library in ReSIProcate before 1.12.0 allows remote attackers to cause a
 denial of service (out-of-bounds-read) via a crafted DNS response.
Ubuntu-Description:
Notes:
 sbeattie> vuln in embedded copy of c-ares, debian package look to use
  the system libc-ares library.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_resiprocate:
upstream_resiprocate: needs-triage
precise/esm_resiprocate: DNE
trusty_resiprocate: not-affected (uses system c-ares)
trusty/esm_resiprocate: DNE (trusty was not-affected [uses system c-ares])
vivid/ubuntu-core_resiprocate: DNE
xenial_resiprocate: not-affected (uses system c-ares)
zesty_resiprocate: not-affected (uses system c-ares)
devel_resiprocate: not-affected (uses system c-ares)