Peng Terry Wang wrote:
> Could you please confirm if c-ares affected by the glibc security issue below?
> https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
It doesn't seem it is. Yesterday I tried curl + C-ares with the
test DNS-server from this CVE 'Proof of Concept' Python script:
https://github.com/fjserna/CVE-2015-7547
And curl + C-ares didn't crash or anything. It just ignored the
huge responses in that script.
PS. Please don't hijack a message thread for another issue.
-- --gvReceived on 2016-02-18