Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote malicious users to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.2 |
||
gnu glibc |
Nexus and Pixel owners get their fixes on US Tuesday. The rest of us peasants have to wait
Google has teased 47 Android patches for Nexus and Pixel devices. Among the critical bugs in the Android Security Bulletin, five concern the media framework, one is system-level, four hit Qualcomm components. The worst, Google said, is one of the media framework bugs, not yet fully disclosed, but it “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process”. Two of the media framework bugs only affect Android 6.0 (31 p...