CVE-2013-4458
Published: 12 December 2013
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
Notes
Author | Note |
---|---|
sbeattie | this fix was also incomplete, leading to CVE-2016-3706 |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc | lucid | Released (2.11.1-0ubuntu7.14) |
eglibc | precise | Released (2.15-0ubuntu10.6) |
eglibc | quantal | Ignored (end of life) |
eglibc | raring | Ignored (end of life) |
eglibc | saucy | Ignored (end of life) |
eglibc | trusty | Not vulnerable (2.18-0ubuntu1) |
eglibc | upstream | Needs triage |

Patches: upstream: https://sourceware.org/git/?p=glibc.git;h=7cbcdb3699584db8913ca90f705d6337633ee10f