CVE-2017-1000381
Description
The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.506
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| library for asynchronous name resolution (USN-3395-1) libc-ares2_1.10.0-2ubuntu0.2_i386.deb | Linux |
| library for asynchronous name resolution (USN-3395-1) libc-ares2_1.10.0-2ubuntu0.2_amd64.deb | Linux |
| library for asynchronous name resolution (USN-3395-1) libc-ares2_1.10.0-3ubuntu0.2_i386.deb | Linux |
| library for asynchronous name resolution (USN-3395-1) libc-ares2_1.10.0-3ubuntu0.2_amd64.deb | Linux |
| library for asynchronous name resolution (USN-3395-1) libc-ares2_1.12.0-1ubuntu0.1_i386.deb | Linux |
| library for asynchronous name resolution (USN-3395-1) libc-ares2_1.12.0-1ubuntu0.1_amd64.deb | Linux |
| SUSE-SU-2017:1792-1(SUSE Linux Enterprise Desktop 12-SP2 ) libcares2-1.9.1-8.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1792-1(SUSE Linux Enterprise Desktop 12-SP2 ) libcares2-32bit-1.9.1-8.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1792-1(SUSE Linux Enterprise Desktop 12-SP2 ) libcares2-debuginfo-1.9.1-8.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1792-1(SUSE Linux Enterprise Desktop 12-SP2 ) libcares2-debuginfo-32bit-1.9.1-8.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1792-1(SUSE Linux Enterprise Desktop 12-SP2 ) libcares2-debugsource-1.9.1-8.1.x86_64.rpm | Linux |
| Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000381) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234