c-ares NAPTR parser out of bounds access (!13897) · Merge requests · Rodrigo Test / Test Group-nodejs / node · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

Rodrigo Muino Tomonari requested to merge github/fork/kasicka/cares-CVE-2017-1000381 into master Jun 24, 2017

CVE: CVE-2017-1000381 Upstream bug: https://c-ares.haxx.se/adv_20170620.html Upstream patch: https://c-ares.haxx.se/CVE-2017-1000381.patch

I haven't seen PR/issue for this CVE, so I created one. It's the same as upstream c-ares patch.

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Affected core subsystem(s)

bundled c-ares