PT-2016-5667 · Gnu+3 · Glibc+3

Michael Petlan

·

Published

2016-02-19

·

Updated

2024-06-15

·

CVE-2016-3706

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions glibc (affected versions not specified)
Description The issue is a stack-based buffer overflow in the getaddrinfo function, which can be exploited by remote attackers to cause a denial of service, resulting in a crash. This is achieved through vectors involving hostent conversion. The problem exists due to an incomplete fix for a previous issue.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2016-1135
ALT-PU-2016-1480
CVE-2016-3706
DLA-494-1
MGASA-2016-0206
OPENSUSE-SU-2024:10154-1
SUSE-SU-2016:1721-1
SUSE-SU-2016:1733-1
SUSE-SU-2016:2156-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-3239-1
USN-3239-2
USN-3239-3

Affected Products

Alt Linux
Suse
Ubuntu
Glibc