Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | <= 5.19.* |