Vulnerabilities > C Ares > C Ares > 1.8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-07 | CVE-2017-1000381 | Information Exposure vulnerability in multiple products The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | 7.5 |
2016-10-03 | CVE-2016-5180 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | 9.8 |