All the vulnerabilites related to c-ares - c-ares
cve-2016-5180
Vulnerability from cvelistv5
Published
2016-10-03 15:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/2017-01-01.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/93243 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-3143-1 | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/201701-28 | vendor-advisory, x_refsource_GENTOO | |
http://www.debian.org/security/2016/dsa-3682 | vendor-advisory, x_refsource_DEBIAN | |
https://c-ares.haxx.se/adv_20160929.html | x_refsource_CONFIRM | |
https://c-ares.haxx.se/CVE-2016-5180.patch | x_refsource_CONFIRM | |
https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2017-0002.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:53:48.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "93243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93243" }, { "name": "USN-3143-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3143-1" }, { "name": "GLSA-201701-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-28" }, { "name": "DSA-3682", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3682" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://c-ares.haxx.se/adv_20160929.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://c-ares.haxx.se/CVE-2016-5180.patch" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html" }, { "name": "RHSA-2017:0002", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "93243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93243" }, { "name": "USN-3143-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3143-1" }, { "name": "GLSA-201701-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-28" }, { "name": "DSA-3682", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3682" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://c-ares.haxx.se/adv_20160929.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://c-ares.haxx.se/CVE-2016-5180.patch" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html" }, { "name": "RHSA-2017:0002", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-5180", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/2017-01-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-01-01.html" }, { "name": "93243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93243" }, { "name": "USN-3143-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3143-1" }, { "name": "GLSA-201701-28", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-28" }, { "name": "DSA-3682", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3682" }, { "name": "https://c-ares.haxx.se/adv_20160929.html", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/adv_20160929.html" }, { "name": "https://c-ares.haxx.se/CVE-2016-5180.patch", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/CVE-2016-5180.patch" }, { "name": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html", "refsource": "CONFIRM", "url": "https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html" }, { "name": "RHSA-2017:0002", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2016-5180", "datePublished": "2016-10-03T15:00:00", "dateReserved": "2016-05-31T00:00:00", "dateUpdated": "2024-08-06T00:53:48.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31130
Vulnerability from cvelistv5
Published
2023-05-25 21:45
Modified
2024-08-02 14:45
Severity ?
EPSS score ?
Summary
Buffer Underwrite in ares_inet_net_pton()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:26.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "c-ares", "versions": [ { "status": "affected", "version": "\u003c 1.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-124", "description": "CWE-124: Buffer Underwrite (\u0027Buffer Underflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-25T21:45:42.645Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "url": "https://www.debian.org/security/2023/dsa-5419" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "url": "https://security.gentoo.org/glsa/202310-09" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0005/" } ], "source": { "advisory": "GHSA-x6mf-cxr9-8q6v", "discovery": "UNKNOWN" }, "title": "Buffer Underwrite in ares_inet_net_pton()" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-31130", "datePublished": "2023-05-25T21:45:42.645Z", "dateReserved": "2023-04-24T21:44:10.416Z", "dateUpdated": "2024-08-02T14:45:26.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32067
Vulnerability from cvelistv5
Published
2023-05-25 22:49
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
0-byte UDP payload DoS in c-ares
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "37" } ] }, { "cpes": [ "cpe:2.3:a:c-ares:c-ares:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "c-ares", "vendor": "c-ares", "versions": [ { "lessThan": "1.19.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "38" } ] }, { "cpes": [ "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "debian_linux", "vendor": "debian", "versions": [ { "status": "affected", "version": "10.0" }, { "status": "affected", "version": "11.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-32067", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T18:37:41.012008Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T18:42:36.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "c-ares", "versions": [ { "status": "affected", "version": "\u003c 1.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-25T22:49:55.860Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "url": "https://www.debian.org/security/2023/dsa-5419" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "url": "https://security.gentoo.org/glsa/202310-09" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0004/" } ], "source": { "advisory": "GHSA-9g78-jv2r-p7vc", "discovery": "UNKNOWN" }, "title": "0-byte UDP payload DoS in c-ares" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-32067", "datePublished": "2023-05-25T22:49:55.860Z", "dateReserved": "2023-05-01T16:47:35.314Z", "dateUpdated": "2024-08-02T15:03:28.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31124
Vulnerability from cvelistv5
Published
2023-05-25 21:09
Modified
2024-08-02 14:45
Severity ?
EPSS score ?
Summary
AutoTools does not set CARES_RANDOM_FILE during cross compilation
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "c-ares", "versions": [ { "status": "affected", "version": "\u003c 1.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-25T21:09:31.881Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "url": "https://security.gentoo.org/glsa/202310-09" } ], "source": { "advisory": "GHSA-54xr-f67r-4pc4", "discovery": "UNKNOWN" }, "title": "AutoTools does not set CARES_RANDOM_FILE during cross compilation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-31124", "datePublished": "2023-05-25T21:09:31.881Z", "dateReserved": "2023-04-24T21:44:10.415Z", "dateUpdated": "2024-08-02T14:45:25.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31147
Vulnerability from cvelistv5
Published
2023-05-25 21:55
Modified
2024-08-02 14:45
Severity ?
EPSS score ?
Summary
Insufficient randomness in generation of DNS query IDs in c-ares
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "c-ares", "versions": [ { "status": "affected", "version": "\u003c 1.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-25T21:55:47.585Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2" }, { "name": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "url": "https://security.gentoo.org/glsa/202310-09" } ], "source": { "advisory": "GHSA-8r8p-23f3-64c2", "discovery": "UNKNOWN" }, "title": "Insufficient randomness in generation of DNS query IDs in c-ares" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-31147", "datePublished": "2023-05-25T21:55:47.585Z", "dateReserved": "2023-04-24T21:44:10.418Z", "dateUpdated": "2024-08-02T14:45:25.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1000381
Vulnerability from cvelistv5
Published
2017-07-07 17:00
Modified
2024-08-05 22:00
Severity ?
EPSS score ?
Summary
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
References
▼ | URL | Tags |
---|---|---|
https://c-ares.haxx.se/0616.patch | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99148 | vdb-entry, x_refsource_BID | |
https://c-ares.haxx.se/adv_20170620.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:00:40.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://c-ares.haxx.se/0616.patch" }, { "name": "99148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99148" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://c-ares.haxx.se/adv_20170620.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://c-ares.haxx.se/0616.patch" }, { "name": "99148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99148" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://c-ares.haxx.se/adv_20170620.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000381", "REQUESTER": "daniel@haxx.se", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://c-ares.haxx.se/0616.patch", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/0616.patch" }, { "name": "99148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99148" }, { "name": "https://c-ares.haxx.se/adv_20170620.html", "refsource": "CONFIRM", "url": "https://c-ares.haxx.se/adv_20170620.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000381", "datePublished": "2017-07-07T17:00:00", "dateReserved": "2017-07-07T00:00:00", "dateUpdated": "2024-08-05T22:00:40.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-25629
Vulnerability from cvelistv5
Published
2024-02-23 14:52
Modified
2024-08-01 23:44
Severity ?
EPSS score ?
Summary
c-ares out of bounds read in ares__read_line()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25629", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-23T19:18:11.897134Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:35:14.331Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:44:09.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q" }, { "name": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "c-ares", "versions": [ { "status": "affected", "version": "\u003c 1.27.0" } ] } ], "descriptions": [ { "lang": "en", "value": "c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-127", "description": "CWE-127: Buffer Under-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-23T14:52:24.967Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q" }, { "name": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/" } ], "source": { "advisory": "GHSA-mg26-v6qh-x48q", "discovery": "UNKNOWN" }, "title": "c-ares out of bounds read in ares__read_line()" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-25629", "datePublished": "2024-02-23T14:52:24.967Z", "dateReserved": "2024-02-08T22:26:33.512Z", "dateUpdated": "2024-08-01T23:44:09.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14354
Vulnerability from cvelistv5
Published
2021-05-13 13:38
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
References
▼ | URL | Tags |
---|---|---|
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/ | vendor-advisory, x_refsource_FEDORA | |
https://bugzilla.redhat.com/show_bug.cgi?id=1866838 | x_refsource_MISC | |
https://packetstormsecurity.com/files/158755/GS20200804145053.txt | x_refsource_MISC | |
https://c-ares.haxx.se/changelog.html | x_refsource_MISC | |
https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:36.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2020-43d5a372fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://c-ares.haxx.se/changelog.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "n/a", "versions": [ { "status": "affected", "version": "c-ares 1.16.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120-\u003eCWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T13:39:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2020-43d5a372fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://c-ares.haxx.se/changelog.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "c-ares", "version": { "version_data": [ { "version_value": "c-ares 1.16.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120-\u003eCWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2020-43d5a372fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838" }, { "name": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt" }, { "name": "https://c-ares.haxx.se/changelog.html", "refsource": "MISC", "url": "https://c-ares.haxx.se/changelog.html" }, { "name": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e", "refsource": "MISC", "url": "https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14354", "datePublished": "2021-05-13T13:38:56", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22217
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 19:59
Severity ?
EPSS score ?
Summary
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:51:10.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/c-ares/c-ares/issues/333" }, { "name": "[debian-lts-announce] 20230915 [SECURITY] [DLA 3567-1] c-ares security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-22217", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T19:59:20.865542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T19:59:30.808Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T08:06:18.645150", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/c-ares/c-ares/issues/333" }, { "name": "[debian-lts-announce] 20230915 [SECURITY] [DLA 3567-1] c-ares security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22217", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-10-03T19:59:30.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }