CVE-2016-10739

Published: 21/01/2019 Updated: 06/08/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.4 | Exploitability Score: 1.8
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In the GNU C Library (aka glibc or libc6) up to and including 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

Vulnerable Product

gnu glibc

opensuse leap 15.0

Vendor Advisories

Debian Bug report logs - #920047: glibc: CVE-2016-10739: getaddrinfo should reject IP addresses with trailing characters. Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 21 Jan 2019 20:54:04 UTC; Severi ...
Synopsis: Moderate: glibc security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Moderate: glibc security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for glibc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: OpenShift Container Platform 4.6.1 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...

Github Repositories

imx yocto30

What is meta-timesys? This Yocto layer provides scripts for image manifest generation used for security monitoring and notification as part of the Timesys Vigiles product offering. What is Vigiles? Vigiles is a vulnerability management tool that provides build-time Yocto CVE Analysis of target images. It does this by collecting metadata about packages to be installed and upload

Vulnerability management tool that provides Yocto SBOM generation and CVE Analysis of target images.
