CVE-2016-5180

CRITICAL

C-ares < 0.10.48 - Out-of-Bounds Write

Title source: rule

Description

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

Exploits (3)

nomisec WORKING POC
by pouriam23 · poc
https://github.com/pouriam23/CVE-2016-5180
nomisec WORKING POC
by pouriam23 · poc
https://github.com/pouriam23/final-CVE-2016-5180
nomisec WORKING POC
by pouriam23 · poc
https://github.com/pouriam23/CVE-2016-5180-docker-

References (9)

Scores

CVSS v3 9.8
EPSS 0.1817
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-787
Status draft

Affected Products (30)

c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
c-ares/c-ares
... and 15 more

Timeline

Published Oct 03, 2016
Tracked Since Feb 18, 2026