c-ares NAPTR parser out of bounds access
CVE: CVE-2017-1000381 Upstream bug: https://c-ares.haxx.se/adv_20170620.html Upstream patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
I haven't seen PR/issue for this CVE, so I created one. It's the same as upstream c-ares patch.
Checklist
-
make -j4 test
(UNIX), orvcbuild test
(Windows) passes -
tests and/or benchmarks are included -
documentation is changed or added -
commit message follows commit guidelines
Affected core subsystem(s)
bundled c-ares