CVE-2017-1000381

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-1000381

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000381.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-1000381

Downstream

ALPINE-CVE-2017-1000381

DEBIAN-CVE-2017-1000381

DLA-998-1

RHSA-2017:2908

SUSE-SU-2017:1792-1

SUSE-SU-2017:2168-1

SUSE-SU-2019:14246-1

UBUNTU-CVE-2017-1000381

USN-3395-1

USN-4796-1

openSUSE-SU-2024:10668-1

Related

Published

2017-07-07T17:29:00Z

Modified

2025-10-15T08:36:23.085555Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

6dc12b1042d5d4727f77e8a1c5758dab91400069

Fixed

808569884eda590339617e543cc8076e5d91c6a2

Affected versions

v4.*

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.3.0

v4.3.1

v4.3.2

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.5.0

v4.6.0

v4.6.1

v4.6.2

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.8.0

v4.8.1

v4.8.2

v4.8.3