CVE-2016-5180 (retired)

Priority
Description
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x
before 1.12.0 allows remote attackers to cause a denial of service
(out-of-bounds write) or possibly execute arbitrary code via a hostname
with an escaped trailing dot.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.12.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.10.0-3ubuntu0.1)
Patches:
Upstream:https://c-ares.haxx.se/CVE-2016-5180.patch
More Information

Updated: 2019-10-09 07:56:44 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)