CVE-2017-1000381
Published Jul 7, 2017
Last updated a year ago
Overview
- Description
- The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7BDB0FC-AA36-4C41-B3DC-201F0DE0191A"
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B38F8E2-7710-4303-A80F-9009619BEC7B"
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA1637EF-3393-4770-91AE-89EA53D57830"
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93FA2559-0DB1-49BE-A6E6-C73408F4AB57"
},
{
"criteria": "cpe:2.3:a:c-ares:c-ares:1.12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B92EADF5-3500-4F37-808E-41DC48DE8D68"
},
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8F4F4BD-4316-4CB2-8FCE-9EE5C59E64EA"
},
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "476034B6-69BF-4130-8139-D5DDC1EB0028"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC1070A7-E3E0-423C-A73A-040FCED8AD96",
"versionEndExcluding": "4.8.4",
"versionStartIncluding": "4.2.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "121E5D5D-B4D9-43F3-B5C9-74590192FAF1",
"versionEndIncluding": "5.12.0",
"versionStartIncluding": "5.0.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EA3B1B4-3576-4508-AC77-4AE3A5622E09",
"versionEndExcluding": "6.11.1",
"versionStartIncluding": "6.9.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9C02D94-B713-4BE4-8C26-F21C2ADC01B0",
"versionEndExcluding": "7.10.1",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02C6E585-2704-4EC2-BED1-CF6D61BE9CC9",
"versionEndExcluding": "8.1.4",
"versionStartIncluding": "8.0.0"
}
],
"operator": "OR"
}
]
}
]