PT-2016-3510 · Gnu+5 · Glibc+5

Joseph Myers

Publicado

2016-02-16

Atualizado

2024-06-15

CVE-2014-9761

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.23

Description The issue is related to multiple stack-based buffer overflows in the GNU C Library. This can be exploited by context-dependent attackers to cause a denial of service, such as an application crash, or possibly execute arbitrary code. The overflows occur when a long argument is passed to certain functions, including the nan, nanf, or nanl functions.

Recommendations For versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider restricting the input to the nan, nanf, and nanl functions to prevent long arguments from being passed.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2016-1135

CESA-2017_0680

CESA-2017_1916

CVE-2014-9761

DLA-411-1

MGASA-2016-0079

OPENSUSE-SU-2016_0490-1

OPENSUSE-SU-2016_0510-1

OPENSUSE-SU-2024:10154-1

RHSA-2017:0680

RHSA-2017:1916

RHSA-2017_0680

RHSA-2017_1916

SUSE-SU-2016:0470-1

SUSE-SU-2016:0471-1

SUSE-SU-2016:0472-1

SUSE-SU-2016:0473-1

SUSE-SU-2016:0748-1

SUSE-SU-2016:0778-1

SUSE-SU-2016:0786-1

USN-2985-1

USN-2985-2

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Glibc

PT-2016-3510 · Gnu+5 · Glibc+5

CVE-2014-9761

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 158