{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-01-01.html"}, {"name": "93243", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93243"}, {"name": "USN-3143-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3143-1"}, {"name": "GLSA-201701-28", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-28"}, {"name": "DSA-3682", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3682"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://c-ares.haxx.se/adv_20160929.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://c-ares.haxx.se/CVE-2016-5180.patch"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html"}, {"name": "RHSA-2017:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2016-5180", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html"}, {"name": "93243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93243"}, {"name": "USN-3143-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3143-1"}, {"name": "GLSA-201701-28", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-28"}, {"name": "DSA-3682", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3682"}, {"name": "https://c-ares.haxx.se/adv_20160929.html", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/adv_20160929.html"}, {"name": "https://c-ares.haxx.se/CVE-2016-5180.patch", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/CVE-2016-5180.patch"}, {"name": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html", "refsource": "CONFIRM", "url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html"}, {"name": "RHSA-2017:0002", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:53:48.437Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-01-01.html"}, {"name": "93243", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93243"}, {"name": "USN-3143-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3143-1"}, {"name": "GLSA-201701-28", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-28"}, {"name": "DSA-3682", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3682"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://c-ares.haxx.se/adv_20160929.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://c-ares.haxx.se/CVE-2016-5180.patch"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html"}, {"name": "RHSA-2017:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2016-5180", "datePublished": "2016-10-03T15:00:00", "dateReserved": "2016-05-31T00:00:00", "dateUpdated": "2024-08-06T00:53:48.437Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:c-ares:c-ares:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1290A1CC-6506-4D8A-A4A6-055A38D57547", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FB2A771-24BE-4FB5-87E9-25C385848AAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE64E1CB-185E-481B-BC81-C28D216ED470", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "530ACB4D-6981-4B39-857E-CBB07EB0CA4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B33501E-65BA-45BB-860D-39FA94D010A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9AA3F962-8659-444F-BB08-6CBED2661C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "644E7D14-54E1-4F7E-A640-514A88E03D26", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E515118-8774-4C7F-8261-305910EF643F", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6C473F9-81E3-4555-8469-63A27DEDEDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "19E695E5-93F5-49FD-AB58-D53169E1AB69", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B168912-2129-4833-B448-BC7616355885", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "47AD1736-F47B-4A93-9D59-C88BE0D10FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4D5F27-A8F0-41B4-9832-4F9830F96B26", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "340C5CF0-AC09-4C17-9F15-6B0BEAC62629", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "44895917-6186-477B-9B72-AA7B20B3E3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA26B2AA-395B-4D6C-8260-569E54751532", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "800D4E24-7E7A-4316-86F1-B8150DAE540C", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "3710921E-94D4-4D9E-BD45-86E23ECE8C7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8883FA5A-CC60-4275-9C3B-31A7FBD2A073", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7BDB0FC-AA36-4C41-B3DC-201F0DE0191A", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B38F8E2-7710-4303-A80F-9009619BEC7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA1637EF-3393-4770-91AE-89EA53D57830", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares:c-ares:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "93FA2559-0DB1-49BE-A6E6-C73408F4AB57", "vulnerable": true}, {"criteria": "cpe:2.3:a:c-ares_project:c-ares:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8F4F4BD-4316-4CB2-8FCE-9EE5C59E64EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "C73D7118-BF5A-4651-88A3-5BD1F91073C0", "versionEndExcluding": "0.10.48", "versionStartIncluding": "0.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "E18583B6-328E-4EC2-9CC2-E13B1EFA8576", "versionEndExcluding": "0.12.17", "versionStartIncluding": "0.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E42AB86-763E-4ACE-83ED-E0ECA7E3BCC2", "versionEndExcluding": "4.6.1", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*", "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n ares_create_query en c-ares 1.x en versiones anteriores a 1.12.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un nombre de host con puntos finales de fuga."}], "id": "CVE-2016-5180", "lastModified": "2023-11-07T02:33:17.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-03T15:59:03.270", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2016/dsa-3682"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/93243"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-3143-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://c-ares.haxx.se/CVE-2016-5180.patch"}, {"source": "chrome-cve-admin@google.com", "url": "https://c-ares.haxx.se/adv_20160929.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201701-28"}, {"source": "chrome-cve-admin@google.com", "url": "https://source.android.com/security/bulletin/2017-01-01.html"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nodejs4-http-parser-0:2.7.0-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nodejs4-nodejs-0:4.6.2-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nodejs4-http-parser-0:2.7.0-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nodejs4-nodejs-0:4.6.2-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-http-parser-0:2.7.0-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-nodejs-0:4.6.2-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-http-parser-0:2.7.0-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-nodejs-0:4.6.2-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-http-parser-0:2.7.0-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-nodejs-0:4.6.2-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-http-parser-0:2.7.0-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-01-02T00:00:00Z"}, {"advisory": "RHSA-2017:0002", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-nodejs-0:4.6.2-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-01-02T00:00:00Z"}], "bugzilla": {"description": "c-ares: Single byte out of buffer write", "id": "1380463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-193->CWE-122", "details": ["Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.", "A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as \"hello\\.\") would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could potentially cause that application to crash."], "name": "CVE-2016-5180", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "c-ares", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "c-ares", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "c-ares", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack-optools:7", "fix_state": "Under investigation", "package_name": "nodejs", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "nodejs010-nodejs", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat OpenShift Enterprise 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "nodejs010-c-ares", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "nodejs010-nodejs", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs6-nodejs", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs8-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2016-09-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-5180\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5180\nhttps://c-ares.haxx.se/adv_20160929.html"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate", "upstream_fix": "nodejs 4.6.1, nodejs 0.10.48, c-ares 1.12.0"}