Subject: Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write

Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 29 Sep 2016 16:18:44 +0200 (CEST)

On Thu, 29 Sep 2016, Daniel Stenberg wrote:

> INFO
> ----
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the name
> CVE-2016-5180 to this issue.
>
> AFFECTED VERSIONS
> -----------------
>
> This flaw exists in the following c-ares versions.
>
> - Affected versions: libcurl 1.0.0 to and including 1.11.0
> - Not affected versions: c-ares >= 1.12.0

Sorry for being sloppy. I meant to write c-ares above and not libcurl. This
was a copy and paste error that is already fixed in the web version of this
advisory at

  https://c-ares.haxx.se/adv_20160929.html

-- 
  / daniel.haxx.se
Received on 2016-09-29