MGASA-2016-0351

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0351.html

Import Source

https://advisories.mageia.org/MGASA-2016-0351.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0351

Related

CVE-2016-5180

Published

2016-10-21T14:48:32Z

Modified

2016-10-21T08:01:03Z

Summary

Updated c-ares packages fix security vulnerability

Details

In c-ares before 1.12.0, When a string is passed in to 'arescreatequery' or 'ares_mkquery' and uses an escaped trailing dot, like "hello.", c-ares calculates the string length wrong and subsequently writes outside of the the allocated buffer with one byte. The wrongly written byte is the least significant byte of the 'dnsclass' argument; most commonly 1 (CVE-2016-5180).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / c-ares

Package

Name: c-ares
Purl: pkg:rpm/mageia/c-ares?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.0-5.1.mga5

Ecosystem specific

{
    "section": "core"
}