CVE-2017-1000381
- Source
- https://cve.org/CVERecord?id=CVE-2017-1000381
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000381.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-1000381
- Downstream
- Related
- Published
- 2017-07-07T17:29:00.307Z
- Modified
- 2026-02-03T06:55:07.243517Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The c-ares function
ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. - References
Affected packages
Git / github.com/nodejs/node
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
v4.*
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v6.*
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v7.*
v7.0.0
v7.1.0
v7.10.0
v7.2.0
v7.2.1
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.7.0
v7.7.1
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.9.0
v8.*
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3