CVE-2017-1000381

Priority
Medium
Description
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing
NAPTR responses, could be triggered to read memory outside of the given
input buffer if the passed in DNS response packet was crafted in a
particular way.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (1.13.0,1.12.0-4)
Ubuntu 17.10 (Artful Aardvark):not-affected (1.12.0-4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.10.0-2ubuntu0.2)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.10.0-3ubuntu0.2)
Ubuntu 17.04 (Zesty Zapus):released (1.12.0-1ubuntu0.1)
Patches:
Upstream:https://c-ares.haxx.se/CVE-2017-1000381.patch
More Information

Updated: 2017-08-17 18:14:39 UTC (commit 13125)