Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-4458

Опубликовано: 22 окт. 2013
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.

Отчет

This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 5. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5glibcWill not fix
Red Hat Enterprise Linux 7glibcNot affected
Red Hat Enterprise Linux 6glibcFixedRHSA-2014:139113.10.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1022280glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6

EPSS

Процентиль: 78%
0.01239
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-4458

ubuntu
больше 11 лет назад

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

nvd логотип

CVE-2013-4458

nvd
больше 11 лет назад

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

debian логотип

CVE-2013-4458

debian
больше 11 лет назад

Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ...

github логотип

GHSA-jcwq-q9mq-r3fv

github
больше 3 лет назад

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

fstec логотип

BDU:2016-02234

fstec
больше 11 лет назад

Уязвимость библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 78%
0.01239
Низкий

4.3 Medium

CVSS2