CVE-2016-5180

CRITICAL

c-ares < 1.12.0 - Heap-based Buffer Overflow via Escaped Trailing Dot in Hostname

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2016-5180. PoCs published by pouriam23.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2016-5180, demonstrating an SSRF vulnerability in Node.js applications using the 'dns.resolve' function. The exploit allows an attacker to perform DNS rebinding attacks by submitting arbitrary callback URLs, which are resolved without proper validation.

Description

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

Exploits (3)

nomisec WORKING POC
by pouriam23 · poc
https://github.com/pouriam23/final-CVE-2016-5180

This repository contains a functional PoC for CVE-2016-5180, demonstrating an SSRF vulnerability in Node.js applications using the 'dns.resolve' function. The exploit allows an attacker to perform DNS rebinding attacks by submitting arbitrary callback URLs, which are resolved without proper validation.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: Node.js applications using dns.resolve
No auth needed
Prerequisites: Node.js environment · Network access to the target application
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by pouriam23 · poc
https://github.com/pouriam23/CVE-2016-5180-docker-

This repository contains a functional PoC for CVE-2016-5180, demonstrating an SSRF vulnerability via DNS rebinding. The server.js code accepts a user-provided callback URL and resolves it without proper validation, allowing an attacker to exploit DNS rebinding to access internal services.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Moderate
Reliability
Reliable
Target: Node.js applications using DNS resolution without validation
No auth needed
Prerequisites: Network access to the target application · Ability to control DNS resolution for the callback URL
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by pouriam23 · poc
https://github.com/pouriam23/CVE-2016-5180

This repository contains a functional PoC for CVE-2016-5180, demonstrating an SSRF vulnerability via DNS rebinding. The server.js code accepts a user-provided callback URL and resolves it without proper validation, allowing an attacker to exploit DNS rebinding to access internal services.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Moderate
Reliability
Reliable
Target: Node.js applications using DNS resolution without proper validation
No auth needed
Prerequisites: Network access to the target server · Ability to control DNS resolution for a domain
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93243
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3143-1
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-28
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3682
Various Sources x_refsource_confirm
https://c-ares.haxx.se/adv_20160929.html
Various Sources x_refsource_confirm
https://c-ares.haxx.se/CVE-2016-5180.patch
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0002.html

Scores

CVSS v3 9.8
EPSS 0.1709
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (30)
c-ares/c-ares 1.0.0
c-ares/c-ares 1.1.0
c-ares/c-ares 1.2.0
c-ares/c-ares 1.2.1
c-ares/c-ares 1.3.0
c-ares/c-ares 1.3.1
c-ares/c-ares 1.3.2
c-ares/c-ares 1.4.0
c-ares/c-ares 1.5.0
c-ares/c-ares 1.5.1
... and 20 more
Published Oct 03, 2016
Tracked Since Feb 18, 2026