Описание
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Отчет
Based on technical analysis of this flaw: On Red Hat Enterprise Linux 6: No looping behaviour was observed. Without the looping behavior, the alloca should be harmless for pretty much all applications because the size argument depends on the size of the generated (outgoing) UDP packet and will be well below default stack sizes. Therefore it is not affected by this flaw. On Red Hat Enterprise Linux 7: Looping behaviour was observed and segfaults with small stack sizes. -fstack-class-protection will turn this into a reliable crash (no code execution possible). Even without that build flag, this will not be exploitable in most cases because the application determines the alloca argument, based on the generated UDP packet (not the response). This will usually be smaller than a page. The maximum impact is therefore crash, there is no code execution involved. This issue was fixed in glibc-2.23.1, therefore Red Hat Enterprise Linux 8 is not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 5 | glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | libtirpc | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 7 | glibc | Will not fix | ||
| Red Hat Enterprise Linux 7 | libtirpc | Will not fix | ||
| Red Hat Enterprise Linux 8 | glibc | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
2.6 Low
CVSS2
Связанные уязвимости
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Stack-based buffer overflow in the clntudp_call function in sunrpc/cln ...
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Уязвимость функции clntudp_call (sunrpc/clnt_udp.c) в библиотеке GNU C (glibc или libc6), связанная с записью за границами буфера в памяти, позволяющая нарушителю вводить и выполнять произвольные команды или вызвать отказ в обслуживании
EPSS
5.9 Medium
CVSS3
2.6 Low
CVSS2