Published: 12/12/2013 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and previous versions allows remote malicious users to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc 2.1.2
gnu glibc 2.11
gnu glibc 2.0.5
gnu glibc 2.0.6
gnu glibc 2.10.1
gnu glibc 2.1.1
gnu glibc 2.17
gnu glibc 2.14
gnu glibc 2.0.3
gnu glibc 2.0
gnu glibc 2.13
gnu glibc 2.1.1.6
gnu glibc 2.1
gnu glibc 2.1.9
gnu glibc 2.12.1
gnu glibc 2.0.1
gnu glibc
gnu glibc 2.14.1
gnu glibc 2.11.2
gnu glibc 2.0.4
gnu glibc 2.0.2
gnu glibc 2.16
gnu glibc 2.11.3
gnu glibc 2.11.1
gnu glibc 2.1.3
gnu glibc 2.15
gnu glibc 2.12.2
suse linux enterprise debuginfo 11
suse linux enterprise server 11

USN-2306-1 introduced a regression in the GNU C Library ...

Several security issues were fixed in the GNU C Library ...

Debian Bug report logs - #687530 eglibc: CVE-2012-4412: strcoll integer / buffer overflow Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 13 Sep 2012 14:21:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2113-4, eglibc/217-93 Fix ...

Debian Bug report logs - #689423 eglibc: CVE-2012-4424: stack overflow in strcoll() Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 2 Oct 2012 13:12:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2113-4, eglibc/217-93 Fixed in ...

Debian Bug report logs - #717178 CVE-2013-4788: PTR_MANGLE ineffective for statically linked binaries Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 17 Jul 2013 14:24:01 UTC Severity: important Tags: security Found in versions eglibc/2113-4, eglibc/217-9 ...

Debian Bug report logs - #722536 eglibc: CVE-2013-4332 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 12 Sep 2013 05:27:02 UTC Severity: grave Tags: patch, security Fixed in versions eglibc/217-93, eglibc/213-38+deb7u1 Done: Aurelien Jarno <aurel32@de ...

Debian Bug report logs - #719558 eglibc: CVE-2013-4237 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 13 Aug 2013 05:15:02 UTC Severity: important Tags: security Found in versions eglibc/2113-4, eglibc/217-93 Fixed in versions eglibc/217-94, eglibc/213 ...

Debian Bug report logs - #727181 eglibc: CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 23 Oct 2013 04:54:01 UTC Severity: important Tags: security, upstream Fixed in vers ...

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash ...

CWE-119 https://sourceware.org/bugzilla/show_bug.cgi?id=16072 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html https://security.gentoo.org/glsa/201503-04 https://nvd.nist.gov https://usn.ubuntu.com/2306-3/https://access.redhat.com/security/cve/cve-2013-4458

Get Started

CVE-2013-4458

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect