VDB

GCVE-110-MAGEIA-2016-351

GCVE-110-MAGEIA-2016-351
Advisory Published
Vulnetix · Advisory published October 21, 2016
In c-ares before 1.12.0, When a string is passed in to 'ares_create_query' or 'ares_mkquery' and uses an escaped trailing dot, like "hello\.", c-ares calculates the string length wrong and subsequently writes outside of the the allocated buffer with one byte. The wrongly written byte is the least significant byte of the 'dnsclass' argument; most commonly 1 (CVE-2016-5180).

Affected Products

VendorProductVersionsPlatforms
Mageiac-ares1.10.0-5.1.mga5 (unaffected), 0 (affected)

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›