CVE-2016-5180 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
When a string is passed in to ares_create_query or ares_mkquery and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong and subsequently writes outside of the the allocated buffer with one byte. The wrongly written byte is the least significant byte of the 'dnsclass' argument; most commonly 1.
Group Package Affected Fixed Severity Status Ticket
AVG-37 c-ares 1.11.0-1 1.12.0-1 High Fixed
Date Advisory Group Package Severity Description
30 Sep 2016 ASA-201609-31 AVG-37 c-ares High arbitrary code execution
References
https://c-ares.haxx.se/adv_20160929.html
https://c-ares.haxx.se/CVE-2016-5180.patch