CVE-2013-7423

Published: 24/02/2015 Updated: 01/09/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) prior to 2.20 does not properly reuse file descriptors, which allows remote malicious users to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

Vulnerable Product

redhat enterprise linux server aus 6.5

opensuse opensuse 13.2

opensuse opensuse 13.1

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 14.10

gnu glibc

Vendor Advisories

Debian Bug report logs - #722075: libc6: getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423). Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:glibc. Reported by: Arnaud Le Blanc <arnaudlb@gmail.com> Date: ...
Several security issues were fixed in the GNU C Library ...
Synopsis: Important: glibc security update. Type/Severity: Security Advisory: Important. Topic: Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Com ...
Synopsis: Moderate: glibc security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code wi ...
It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data ...

Exploits

Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities ...

Mailing Lists

Full Disclosure mailing list archives: SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices ...