CVE-2017-9454

Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
resiprocateresiprocate
𝑥
≤ 1.10.2
resiprocateresiprocate
1.11.0:alpha1
resiprocateresiprocate
1.11.0:alpha10
resiprocateresiprocate
1.11.0:alpha11
resiprocateresiprocate
1.11.0:alpha2
resiprocateresiprocate
1.11.0:alpha3
resiprocateresiprocate
1.11.0:alpha4
resiprocateresiprocate
1.11.0:alpha5
resiprocateresiprocate
1.11.0:alpha6
resiprocateresiprocate
1.11.0:alpha7
resiprocateresiprocate
1.11.0:alpha8
resiprocateresiprocate
1.11.0:alpha9
resiprocateresiprocate
1.11.0:beta1
resiprocateresiprocate
1.11.0:beta2
resiprocateresiprocate
1.11.0:beta3
resiprocateresiprocate
1.11.0:beta4
resiprocateresiprocate
1.11.0:beta5
resiprocateresiprocate
1.12.0:alpha1
resiprocateresiprocate
1.12.0:beta1
resiprocateresiprocate
1.12.0:beta2
resiprocateresiprocate
1.12.0:beta3
resiprocateresiprocate
1.12.0:beta4
resiprocateresiprocate
1.12.0:beta5
resiprocateresiprocate
1.12.0:beta6
resiprocateresiprocate
1.12.0:beta7
resiprocateresiprocate
1.12.0:beta8
resiprocateresiprocate
1.12.0:beta9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
resiprocate
zesty
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
https://list.resiprocate.org/archive/resiprocate-users/msg02700.html
https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
https://list.resiprocate.org/archive/resiprocate-users/msg02700.html