Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libc-ares-dev": "1.10.0-2ubuntu0.1", "libc-ares2": "1.10.0-2ubuntu0.1", "libc-ares2-dbgsym": "1.10.0-2ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libc-ares-dev": "1.10.0-3ubuntu0.1", "libc-ares2": "1.10.0-3ubuntu0.1", "libc-ares2-dbgsym": "1.10.0-3ubuntu0.1" } ] }