c-ares

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description C library that performs DNS requests and name resolves asynchronously
Version 1.15.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-315 1.12.0-1 1.13.0-1 Medium Fixed
AVG-37 1.11.0-1 1.12.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-1000381 AVG-315 Medium Yes Information disclosure
A out-of-bounds read has been found in c-ares < 1.13.0. The ares_parse_naptr_reply() function, which is used for parsing NAPTR responses, could be triggered...
CVE-2016-5180 AVG-37 High Yes Arbitrary code execution
When a string is passed in to ares_create_query or ares_mkquery and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong...

Advisories

Date Advisory Group Severity Description
18 Jul 2017 ASA-201707-21 AVG-315 Medium information disclosure
30 Sep 2016 ASA-201609-31 AVG-37 High arbitrary code execution