PT-2013-1306 · GNU · GNU C Library

Siddhesh Poyarekar

Published 2013-11-22 · Updated 2024-06-15 · CVE-2013-4458

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: GNU C Library (aka glibc or libc6) versions 2.18 and earlier
Description: A stack overflow in the getaddrinfo function. The function placed a working buffer on the stack with alloca(), sized by the number of address records the resolver returned, so a hostname or IP address that yields a large number of AF_INET6 results can exhaust the stack and crash the calling process, allowing remote attackers to cause a denial of service. The problem exists because the fix for the earlier CVE-2013-1914, which dealt with the same unbounded stack use in getaddrinfo, did not cover the code path that handles AF_INET6 results.
Recommendations: Update to GNU C Library 2.19 or later, which contains the complete fix, or to a distribution package that carries the backported patch (see the advisories under Related Identifiers, for example RHSA-2014:1391, USN-2306-1 and DLA-165-1). Because glibc is mapped into every running process, restart long-lived network services after the update so they pick up the patched library. There is no practical configuration workaround: name resolution in most programs goes through getaddrinfo, and an application cannot tell in advance which names will resolve to a large number of AF_INET6 addresses. Exploitation does require the attacker to control the addresses returned for a name the application resolves, for example by being authoritative for that DNS zone, so services that resolve attacker-chosen names are the ones most exposed.
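The bug class behind this advisory, as an added example that is not glibc's own code: a scratch array whose size is the resolver's result count, placed on the stack with alloca() (the pre-fix shape of the getaddrinfo AF_INET6 path), next to the alloca-or-malloc shape the fix adopted. The struct layout, function names, sort keys and the 64 KiB cutoff constant are this example's assumptions, modeled on glibc's __libc_use_alloca() heuristic.

```c
/* Added example, not glibc's own code: the bug class behind CVE-2013-4458.
 * getaddrinfo() kept a per-result scratch array on the stack via alloca(),
 * sized by the number of addresses the resolver returned, so a name with
 * enough AAAA records exhausted the stack. Struct layout, function names,
 * sort keys and the 64 KiB cutoff are this example's own assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <alloca.h>
#include <netinet/in.h>   /* AF_INET6, struct in6_addr */

struct addr_result {      /* constructed stand-in for one resolver result */
    int family;
    struct in6_addr addr;
    unsigned score;       /* sort key, in place of the RFC 3484 ordering rules */
};

/* Assumed cutoff, the same figure as glibc's __MAX_ALLOCA_CUTOFF that its
 * __libc_use_alloca() check applies before permitting a stack allocation. */
#define ALLOCA_CUTOFF (64 * 1024)

static int cmp_score(const void *a, const void *b)
{
    const struct addr_result *x = a, *y = b;
    return (x->score > y->score) - (x->score < y->score);
}

/* Vulnerable pattern (pre-fix shape): n comes straight from the DNS answer or
 * /etc/hosts, and nothing compares n * sizeof *tmp against the stack size. */
void sort_results_alloca(struct addr_result *res, size_t n)
{
    struct addr_result *tmp = alloca(n * sizeof *tmp);
    memcpy(tmp, res, n * sizeof *tmp);
    qsort(tmp, n, sizeof *tmp, cmp_score);
    memcpy(res, tmp, n * sizeof *tmp);
}

int needs_heap(size_t bytes) { return bytes > ALLOCA_CUTOFF; }

/* Hardened pattern (post-fix shape): alloca() only below the cutoff, malloc()
 * above it, and an error return instead of a crash when memory runs out. */
int sort_results_safe(struct addr_result *res, size_t n)
{
    if (n > SIZE_MAX / sizeof *res) return -1;   /* byte count would wrap */
    size_t bytes = n * sizeof *res;
    int malloced = needs_heap(bytes);
    struct addr_result *tmp;
    if (malloced) {
        tmp = malloc(bytes);
        if (tmp == NULL) return -1;             /* getaddrinfo proper returns EAI_MEMORY */
    } else {
        tmp = alloca(bytes);
    }
    memcpy(tmp, res, bytes);
    qsort(tmp, n, sizeof *tmp, cmp_score);
    memcpy(res, tmp, bytes);
    if (malloced) free(tmp);
    return 0;
}

/* Constructed input: n fake AF_INET6 results with LCG-generated sort keys. */
static struct addr_result *make_results(size_t n)
{
    struct addr_result *res = calloc(n, sizeof *res);
    unsigned x = 12345u;
    for (size_t i = 0; res != NULL && i < n; i++) {
        x = x * 1103515245u + 12345u;
        res[i].family = AF_INET6;
        res[i].addr.s6_addr[15] = (uint8_t)i;
        res[i].score = x >> 8;
    }
    return res;
}

static int is_sorted(const struct addr_result *res, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (res[i - 1].score > res[i].score)
            return 0;
    return 1;
}

/* Push n constructed results through the hardened path; 1 if it reported
 * success and the output is ordered, 0 otherwise. */
int demo_sort_safe(size_t n)
{
    struct addr_result *res = make_results(n);
    int ok = res != NULL && sort_results_safe(res, n) == 0 && is_sorted(res, n);
    free(res);
    return ok;
}

int main(void)
{
    /* 200,000 results is about 4.8 MB of scratch: fine from the heap, fatal from alloca() on a smaller thread stack. */
    printf("hardened path, 200000 results: %s\n", demo_sort_safe(200000) ? "ok" : "failed");
    return 0;
}
```

To watch the failure mode rather than only the safe path, call sort_results_alloca() with a few thousand results from a thread created with pthread_attr_setstacksize() set to 64 KiB: the alloca() request alone exceeds the whole stack and the process dies with SIGSEGV, while sort_results_safe() completes at the same size because it has already moved to the heap.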

Exploit · Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1035
ALT-PU-2015-2084
BDU:2016-02234
CESA-2014:1391
CVE-2013-4458
DLA-165-1
MGASA-2013-0340
OPENSUSE-SU-2024:10154-1
RHSA-2014:1391
SUSE-RU-2015:0794-1
SUSE-SU-2015:0253-1
SUSE-SU-2015:0439-1
SUSE-SU-2016:0470-1
USN-2306-1

Affected Products

ALT Linux
CentOS
GNU C Library
Red Hat
SUSE
Ubuntu