[3.4] c-ares: NAPTR parser out of bounds access (CVE-2017-1000381)
The c-ares function ares_parse_naptr_reply(), which is used for
parsing NAPTR responses, could be triggered
to read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way.
Affected versions:
c-ares 1.8.0 to and including 1.12.0
Not affected versions:
c-ares >= 1.13.0
Reference:
https://c-ares.haxx.se/adv\_20170620.html
Patch:
https://c-ares.haxx.se/CVE-2017-1000381.patch
(from redmine: issue id 7528, created on 2017-07-14, closed on 2017-08-14)
- Relations:
- parent #7525 (closed)
- Changesets:
- Revision 83cc0700 by Francesco Colista on 2017-08-14T14:14:01Z:
main/c-ares: fix for CVE-2017-1000381. Fixes #7528