PT-2016-3510 · Gnu+5 · Glibc+5

Joseph Myers

Published

2016-02-16

Updated

2024-06-15

CVE-2014-9761

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.23

Description The issue is related to multiple stack-based buffer overflows in the GNU C Library. This can be exploited by context-dependent attackers to cause a denial of service, such as an application crash, or possibly execute arbitrary code. The overflows occur when a long argument is passed to certain functions, including the nan, nanf, or nanl functions.

Recommendations For versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider restricting the input to the nan, nanf, and nanl functions to prevent long arguments from being passed.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2016-1135

CESA-2017_0680

CESA-2017_1916

CVE-2014-9761

DLA-411-1

MGASA-2016-0079

OPENSUSE-SU-2016_0490-1

OPENSUSE-SU-2016_0510-1

OPENSUSE-SU-2024:10154-1

RHSA-2017:0680

RHSA-2017:1916

RHSA-2017_0680

RHSA-2017_1916

SUSE-SU-2016:0470-1

SUSE-SU-2016:0471-1

SUSE-SU-2016:0472-1

SUSE-SU-2016:0473-1

SUSE-SU-2016:0748-1

SUSE-SU-2016:0778-1

SUSE-SU-2016:0786-1

USN-2985-1

USN-2985-2

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Glibc

PT-2016-3510 · Gnu+5 · Glibc+5

CVE-2014-9761

Weakness Enumeration

Related Identifiers

Affected Products

References · 158