oss-sec mailing list archives
Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write
From: Daniel Stenberg <daniel () haxx se>
Date: Thu, 29 Sep 2016 16:18:44 +0200 (CEST)
On Thu, 29 Sep 2016, Daniel Stenberg wrote:
INFO ---- The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2016-5180 to this issue. AFFECTED VERSIONS ----------------- This flaw exists in the following c-ares versions. - Affected versions: libcurl 1.0.0 to and including 1.11.0 - Not affected versions: c-ares >= 1.12.0
Sorry for being sloppy. I meant to write c-ares above and not libcurl. This was a copy and paste error that is already fixed in the web version of this advisory at
https://c-ares.haxx.se/adv_20160929.html -- / daniel.haxx.se
Current thread:
- [SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg (Sep 29)
- Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg (Sep 29)
- Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Hanno Böck (Sep 29)