AVG-37

Package c-ares
Status Fixed
Severity High
Type arbitrary code execution
Affected 1.11.0-1
Fixed 1.12.0-1
Current 1.14.0-1 [extra]
Ticket None
Created Thu Sep 29 13:27:14 2016
Issue Severity Remote Type Description
CVE-2016-5180 High Yes Arbitrary code execution
When a string is passed in to ares_create_query or ares_mkquery and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong...
Date Advisory Package Description
30 Sep 2016 ASA-201609-31 c-ares arbitrary code execution
References
https://c-ares.haxx.se/adv_20160929.html