CVE-2018-19591

EUVD-2018-11280
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
gnuglibc
𝑥
≤ 2.28
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
jessie
not-affected
sid
2.40-3
fixed
stretch
not-affected
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
bionic
dne
cosmic
dne
disco
dne
eoan
dne
focal
dne
trusty
not-affected
xenial
dne
glibc
bionic
Fixed 2.27-3ubuntu1.2
released
cosmic
ignored
disco
not-affected
eoan
not-affected
focal
not-affected
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106037
http://www.securitytracker.com/id/1042174
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/
https://security.gentoo.org/glsa/201903-09
https://security.gentoo.org/glsa/201908-06
https://security.netapp.com/advisory/ntap-20190321-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23927
https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
https://usn.ubuntu.com/4416-1/
http://www.securityfocus.com/bid/106037
http://www.securitytracker.com/id/1042174
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/
https://security.gentoo.org/glsa/201903-09
https://security.gentoo.org/glsa/201908-06
https://security.netapp.com/advisory/ntap-20190321-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23927
https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
https://usn.ubuntu.com/4416-1/