Published: 07/09/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) prior to 2.26 allows remote malicious users to have unspecified impact via vectors related to error path.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc

Debian Bug report logs - #870648 glibc: CVE-2017-12133: Use-after-free in error path in clntudp_call Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 3 Aug 2017 19:45:01 UTC Severity: important Tags: ...

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udpc in the GNU C Library (aka glibc or libc6) before 226 allows remote attackers to have unspecified impact via vectors related to error path ...

A use-after-free vulnerability has been found the GNU C Library (aka glibc or libc6) before version 226, in clntudp_call in the Sun RPC system ...

CWE-416 https://sourceware.org/bugzilla/show_bug.cgi?id=21115 https://www.securityfocus.com/bid/100679 https://usn.ubuntu.com/4416-1/https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=d42eed4a044e5e10dfb885cf9891c2518a72a491 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870648 https://nvd.nist.gov https://security.archlinux.org/CVE-2017-12133

CVE-2017-12133

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect