Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.10.0-2ubuntu0.1", "binary_name": "libc-ares-dev" }, { "binary_version": "1.10.0-2ubuntu0.1", "binary_name": "libc-ares2" }, { "binary_version": "1.10.0-2ubuntu0.1", "binary_name": "libc-ares2-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.10.0-3ubuntu0.1", "binary_name": "libc-ares-dev" }, { "binary_version": "1.10.0-3ubuntu0.1", "binary_name": "libc-ares2" }, { "binary_version": "1.10.0-3ubuntu0.1", "binary_name": "libc-ares2-dbgsym" } ] }