Skip to content

C-Ares version update for buffer overflow vulnerability fix? #11728

New issue
New issue
Closed
Closed
C-Ares version update for buffer overflow vulnerability fix?#11728
Labels
caresIssues and PRs related to the c-ares dependency or the cares_wrap binding.questionIssues that look for answers.securityIssues and PRs related to security.
@Mickael-van-der-Beek

Description

@Mickael-van-der-Beek
Mickael-van-der-Beek
opened on Mar 7, 2017

I was wondering if there were any plans for Node.js to update the C-Ares version from 1.10.0 to 1.12.0 so as to take into account the fix for the buffer overflow vulnerability (CVE-2016-5180)?

CVE-2016-5180: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180
C-Ares Advisory: https://c-ares.haxx.se/adv_20160929.html
C-Ares Patch: https://c-ares.haxx.se/CVE-2016-5180.patch

Metadata

Metadata

Assignees

No one assigned

    Labels

    caresIssues and PRs related to the c-ares dependency or the cares_wrap binding.questionIssues that look for answers.securityIssues and PRs related to security.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions