CVE-2017-12133
Published: 7 September 2017
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
Notes
Author | Note |
---|---|
chrisccoulson | The CVE description doesn't seem to match the description in the linked bug report and upstream patch |
sbeattie | introduced in CVE-2016-4429 fix |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc Launchpad, Ubuntu, Debian |
groovy |
Does not exist
|
hirsute |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
artful |
Does not exist
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
trusty |
Needed
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
mantic |
Does not exist
|
|
glibc Launchpad, Ubuntu, Debian |
groovy |
Not vulnerable
(2.26-0ubuntu2)
|
hirsute |
Not vulnerable
(2.26-0ubuntu2)
|
|
kinetic |
Not vulnerable
(2.26-0ubuntu2)
|
|
artful |
Not vulnerable
(2.26-0ubuntu2)
|
|
bionic |
Not vulnerable
(2.26-0ubuntu2)
|
|
cosmic |
Not vulnerable
(2.26-0ubuntu2)
|
|
disco |
Not vulnerable
(2.26-0ubuntu2)
|
|
eoan |
Not vulnerable
(2.26-0ubuntu2)
|
|
focal |
Not vulnerable
(2.26-0ubuntu2)
|
|
impish |
Not vulnerable
(2.26-0ubuntu2)
|
|
jammy |
Not vulnerable
(2.26-0ubuntu2)
|
|
lunar |
Not vulnerable
(2.26-0ubuntu2)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Released
(2.23-0ubuntu11.2)
|
|
zesty |
Ignored
(end of life)
|
|
mantic |
Not vulnerable
(2.26-0ubuntu2)
|
|
Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491 (master) upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=045e368799cd253ddbf8bdec42ed92e8ebb3ce67 (2.25) upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36f173ab3709b4a920a833b9af67f30bcba1ea01 (2.24) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |