Home

CVE-2016-5180

Description

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
15.203

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-5179,CVE-2016-5180 are fixed in Chrome 53.0.2785.144Windows
Vulnerabilities CVE-2016-5179,CVE-2016-5180 are fixed in Chrome (x64) 53.0.2785.144Windows
SUSE-SU-2016:3286-1(SUSE Linux Enterprise Desktop 12-SP1 ) libcares2-1.9.1-5.1.x86_64.rpmLinux
SUSE-SU-2016:3286-1(SUSE Linux Enterprise Desktop 12-SP1 ) libcares2-32bit-1.9.1-5.1.x86_64.rpmLinux
SUSE-SU-2016:3286-1(SUSE Linux Enterprise Desktop 12-SP1 ) libcares2-debuginfo-1.9.1-5.1.x86_64.rpmLinux
SUSE-SU-2016:3286-1(SUSE Linux Enterprise Desktop 12-SP1 ) libcares2-debuginfo-32bit-1.9.1-5.1.x86_64.rpmLinux
SUSE-SU-2016:3286-1(SUSE Linux Enterprise Desktop 12-SP1 ) libcares2-debugsource-1.9.1-5.1.x86_64.rpmLinux
SUSE-SU-2016:3287-1(SUSE Linux Enterprise Server 11-SP4 ) libcares2-1.7.4-7.9.1.x86_64.rpmLinux
Vulnerabilities CVE-2016-5179,CVE-2016-5180 are fixed in Chrome 53.0.2785.144 (For Debian)Linux
Vulnerabilities CVE-2016-5179,CVE-2016-5180 are fixed in Chrome 53.0.2785.144 (For Centos)Linux
Vulnerabilities CVE-2016-5179,CVE-2016-5180 are fixed in Chrome 53.0.2785.144 (For RedHat)Linux
Vulnerabilities CVE-2016-5179,CVE-2016-5180 are fixed in Chrome 53.0.2785.144 (For Suse)Linux
Vulnerabilities CVE-2016-5179,CVE-2016-5180 are fixed in Chrome 53.0.2785.144 (For Ubuntu)Linux
Out-of-bounds Write Vulnerability (CVE-2016-5180)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-313038Google Chrome (80.0.3987.122)
PATCH-313039Google Chrome (x64) (80.0.3987.122)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234