c-ares: Heap-based buffer overflow — GLSA 201701-28

A heap-based buffer overflow in c-ares might allow remote attackers to cause a Denial of Service condition.

Affected Packages

net-dns/c-ares on all architectures
Affected versions < 1.12.0
Unaffected versions >= 1.12.0

Background

c-ares is a C library for asynchronous DNS requests (including name resolves).

Description

A hostname with an escaped trailing dot (such as “hello\.”) would have its size calculated incorrectly leading to a single byte written beyond the end of a buffer on the heap.

Impact

A remote attacker, able to provide a specially crafted hostname to an application using c-ares, could potentially cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All c-ares users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.12.0"
 

References

Release Date
January 11, 2017

Latest Revision
January 11, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries