Vulnerabilities > CVE-2016-5180 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-648.NASL description Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution. For Debian 7 last seen 2020-03-17 modified 2016-10-07 plugin id 93900 published 2016-10-07 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93900 title Debian DLA-648-1 : c-ares security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-648-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(93900); script_version("2.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-5180"); script_name(english:"Debian DLA-648-1 : c-ares security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution. For Debian 7 'Wheezy', these problems have been fixed in version 1.9.1-3+deb7u1. We recommend that you upgrade your c-ares packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2016/10/msg00004.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/c-ares" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected libc-ares-dev, and libc-ares2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-ares-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-ares2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libc-ares-dev", reference:"1.9.1-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libc-ares2", reference:"1.9.1-3+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3143-1.NASL description Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95428 published 2016-12-01 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95428 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : c-ares vulnerability (USN-3143-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3143-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(95428); script_version("3.6"); script_cvs_date("Date: 2019/09/18 12:31:46"); script_cve_id("CVE-2016-5180"); script_xref(name:"USN", value:"3143-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : c-ares vulnerability (USN-3143-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3143-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libc-ares2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc-ares2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libc-ares2", pkgver:"1.7.5-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libc-ares2", pkgver:"1.10.0-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libc-ares2", pkgver:"1.10.0-3ubuntu0.1")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"libc-ares2", pkgver:"1.11.0-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc-ares2"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2017.NASL description According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as last seen 2020-05-08 modified 2019-09-24 plugin id 129210 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129210 title EulerOS 2.0 SP3 : c-ares (EulerOS-SA-2019-2017) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(129210); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2016-5180", "CVE-2017-1000381" ); script_name(english:"EulerOS 2.0 SP3 : c-ares (EulerOS-SA-2019-2017)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as 'hello\.') would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could potentially cause that application to crash.(CVE-2016-5180) - The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.(CVE-2017-1000381) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2017 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?28e034e4"); script_set_attribute(attribute:"solution", value: "Update the affected c-ares packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:c-ares"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:c-ares-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["c-ares-1.10.0-3.h1", "c-ares-devel-1.10.0-3.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "c-ares"); }NASL family Fedora Local Security Checks NASL id FEDORA_2016-A7F9E86DF7.NASL description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-10-10 plugin id 93926 published 2016-10-10 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93926 title Fedora 24 : mingw-c-ares (2016-a7f9e86df7) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1838.NASL description According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as last seen 2020-05-06 modified 2019-09-17 plugin id 128890 published 2019-09-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128890 title EulerOS 2.0 SP2 : c-ares (EulerOS-SA-2019-1838) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_28BB6EE59B5C11E6B79919BEF72F4B7C.NASL description Node.js has released new versions containing the following security fix : The following releases all contain fixes for CVE-2016-5180 last seen 2020-06-01 modified 2020-06-02 plugin id 94416 published 2016-10-31 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94416 title FreeBSD : node.js -- ares_create_query single byte out of buffer write (28bb6ee5-9b5c-11e6-b799-19bef72f4b7c) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1950.NASL description According to the versions of the c-ares package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as last seen 2020-06-01 modified 2020-06-02 plugin id 128953 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128953 title EulerOS Virtualization for ARM 64 3.0.2.0 : c-ares (EulerOS-SA-2019-1950) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1480.NASL description According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.(CVE-2016-5180) - The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.(CVE-2017-1000381) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-30 modified 2020-04-16 plugin id 135642 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135642 title EulerOS Virtualization 3.0.2.2 : c-ares (EulerOS-SA-2020-1480) NASL family Fedora Local Security Checks NASL id FEDORA_2016-7AA3C89E7B.NASL description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-10-12 plugin id 93976 published 2016-10-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93976 title Fedora 23 : c-ares (2016-7aa3c89e7b) NASL family Fedora Local Security Checks NASL id FEDORA_2016-4F34F26649.NASL description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-15 plugin id 94805 published 2016-11-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94805 title Fedora 25 : mingw-c-ares (2016-4f34f26649) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1277.NASL description This update for nodejs fixes the following issues : - New upstream LTS version 4.6.1 - c-ares : + CVE-2016-5180: fix for single-byte buffer overwrite - Fix nodejs-libpath.patch so ppc doesn last seen 2020-06-05 modified 2016-11-10 plugin id 94664 published 2016-11-10 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94664 title openSUSE Security Update : nodejs (openSUSE-2016-1277) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1805.NASL description According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as last seen 2020-05-06 modified 2019-08-23 plugin id 128097 published 2019-08-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128097 title EulerOS 2.0 SP5 : c-ares (EulerOS-SA-2019-1805) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-3286-1.NASL description This update for libcares2 fixes the following issues : - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 96255 published 2017-01-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96255 title SUSE SLED12 / SLES12 Security Update : libcares2 (SUSE-SU-2016:3286-1) NASL family Fedora Local Security Checks NASL id FEDORA_2016-7A3A0F0198.NASL description Update to 4.6.1 (security) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-10-31 plugin id 94414 published 2016-10-31 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94414 title Fedora 24 : 1:nodejs (2016-7a3a0f0198) NASL family Fedora Local Security Checks NASL id FEDORA_2016-1CC00CDE2D.NASL description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-10-06 plugin id 93874 published 2016-10-06 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93874 title Fedora 24 : c-ares (2016-1cc00cde2d) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-3287-1.NASL description This update for libcares2 fixes the following issues : - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 96256 published 2017-01-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96256 title SUSE SLES11 Security Update : libcares2 (SUSE-SU-2016:3287-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-28.NASL description The remote host is affected by the vulnerability described in GLSA-201701-28 (c-ares: Heap-based buffer overflow) A hostname with an escaped trailing dot (such as “hello\\.”) would have its size calculated incorrectly leading to a single byte written beyond the end of a buffer on the heap. Impact : A remote attacker, able to provide a specially crafted hostname to an application using c-ares, could potentially cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96422 published 2017-01-12 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96422 title GLSA-201701-28 : c-ares: Heap-based buffer overflow NASL family Fedora Local Security Checks NASL id FEDORA_2016-E523C37B4D.NASL description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-15 plugin id 94872 published 2016-11-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94872 title Fedora 25 : c-ares (2016-e523c37b4d) NASL family Fedora Local Security Checks NASL id FEDORA_2016-66D9389548.NASL description Security fix for CVE-2016-5180 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-10-10 plugin id 93920 published 2016-10-10 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93920 title Fedora 23 : mingw-c-ares (2016-66d9389548) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1373.NASL description This update for libcares2 fixes the following issues : - ares_create_query() single byte out of buffer write (CVE-2016-5180, boo#1007728) last seen 2020-06-05 modified 2016-12-02 plugin id 95463 published 2016-12-02 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95463 title openSUSE Security Update : libcares2 (openSUSE-2016-1373) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1403.NASL description This update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728). Bug fixes : - bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-12-06 plugin id 95557 published 2016-12-06 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95557 title openSUSE Security Update : nodejs4 (openSUSE-2016-1403) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-58.NASL description This update for libcares2 fixes the following issues : - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-01-10 plugin id 96379 published 2017-01-10 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96379 title openSUSE Security Update : libcares2 (openSUSE-2017-58) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3682.NASL description Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 93836 published 2016-10-04 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93836 title Debian DSA-3682-1 : c-ares - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2898-1.NASL description This update for nodejs4 fixes the following issues: Security issues fixed : - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728). Bug fixes : - bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 119986 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119986 title SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2898-1)
Redhat
| advisories |
| ||||
| rpms |
|
References
- https://source.android.com/security/bulletin/2017-01-01.html
- http://www.securityfocus.com/bid/93243
- http://www.ubuntu.com/usn/USN-3143-1
- https://security.gentoo.org/glsa/201701-28
- http://www.debian.org/security/2016/dsa-3682
- https://c-ares.haxx.se/adv_20160929.html
- https://c-ares.haxx.se/CVE-2016-5180.patch
- https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html
- http://rhn.redhat.com/errata/RHSA-2017-0002.html