CVE-2017-1000381 - OpenCVE

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
C-ares Project	C-ares
Nodejs	Node.js
C-ares	C-ares

Configuration 1 [-]

OR	cpe:2.3:a:c-ares:c-ares:1.8.0:::::::*
	cpe:2.3:a:c-ares:c-ares:1.9.0:::::::*
	cpe:2.3:a:c-ares:c-ares:1.9.1:::::::*
	cpe:2.3:a:c-ares:c-ares:1.10.0:::::::*
	cpe:2.3:a:c-ares:c-ares:1.12.0:::::::*
	cpe:2.3:a:c-ares_project:c-ares:1.11.0:::::::*
	cpe:2.3:a:c-ares_project:c-ares:1.11.0:rc1::::::

Configuration 2 [-]

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

References

Link	Resource
http://www.securityfocus.com/bid/99148	Third Party Advisory VDB Entry
https://c-ares.haxx.se/0616.patch	Mailing List Vendor Advisory
https://c-ares.haxx.se/adv_20170620.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-07T17:00:00

Updated: 2017-07-10T09:57:01

Reserved: 2017-07-07T00:00:00

Link: CVE-2017-1000381

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-07T17:29:00.307

Modified: 2023-09-15T11:42:43.053

Link: CVE-2017-1000381

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://c-ares.haxx.se/0616.patch"}, {"name": "99148", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99148"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://c-ares.haxx.se/adv_20170620.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000381", "REQUESTER": "daniel@haxx.se", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://c-ares.haxx.se/0616.patch", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/0616.patch"}, {"name": "99148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99148"}, {"name": "https://c-ares.haxx.se/adv_20170620.html", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/adv_20170620.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000381", "datePublished": "2017-07-07T17:00:00", "dateReserved": "2017-07-07T00:00:00", "dateUpdated": "2017-07-10T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7BDB0FC-AA36-4C41-B3DC-201F0DE0191A", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B38F8E2-7710-4303-A80F-9009619BEC7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA1637EF-3393-4770-91AE-89EA53D57830", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "93FA2559-0DB1-49BE-A6E6-C73408F4AB57", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "B92EADF5-3500-4F37-808E-41DC48DE8D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8F4F4BD-4316-4CB2-8FCE-9EE5C59E64EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "476034B6-69BF-4130-8139-D5DDC1EB0028", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "AC1070A7-E3E0-423C-A73A-040FCED8AD96", "versionEndExcluding": "4.8.4", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "121E5D5D-B4D9-43F3-B5C9-74590192FAF1", "versionEndIncluding": "5.12.0", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4", "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "6EA3B1B4-3576-4508-AC77-4AE3A5622E09", "versionEndExcluding": "6.11.1", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "B9C02D94-B713-4BE4-8C26-F21C2ADC01B0", "versionEndExcluding": "7.10.1", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "02C6E585-2704-4EC2-BED1-CF6D61BE9CC9", "versionEndExcluding": "8.1.4", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way."}, {"lang": "es", "value": "La funci\u00f3n \"ares_parse_naptr_reply()\" de c-ares, que es usada para analizar las respuestas NAPTR, podr\u00eda ser activada para leer la memoria fuera del b\u00fafer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular."}], "id": "CVE-2017-1000381", "lastModified": "2023-09-15T11:42:43.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-07T17:29:00.307", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99148"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://c-ares.haxx.se/0616.patch"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://c-ares.haxx.se/adv_20170620.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}