CVE-2013-4458
EUVD-2013-432812.12.2013, 18:55
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 𝑥 ≤ 2.18 |
| gnu | glibc | 2.0 |
| gnu | glibc | 2.0.1 |
| gnu | glibc | 2.0.2 |
| gnu | glibc | 2.0.3 |
| gnu | glibc | 2.0.4 |
| gnu | glibc | 2.0.5 |
| gnu | glibc | 2.0.6 |
| gnu | glibc | 2.1 |
| gnu | glibc | 2.1.1 |
| gnu | glibc | 2.1.1.6 |
| gnu | glibc | 2.1.2 |
| gnu | glibc | 2.1.3 |
| gnu | glibc | 2.1.9 |
| gnu | glibc | 2.10.1 |
| gnu | glibc | 2.11 |
| gnu | glibc | 2.11.1 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.11.3 |
| gnu | glibc | 2.12.1 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.17 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References