CVE-2013-4357
First published: Tue Dec 31 2019(Updated: )
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eglibc Eglibc | <2.14 | |
| Novell Suse Linux Enterprise Server | =11.0-sp2 | |
| Debian Debian Linux | =6.0 | |
| Debian Debian Linux | =7.0 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Fedoraproject Fedora | =18 | |
| Fedoraproject Fedora | =19 | |
| debian/eglibc |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html
- http://www.openwall.com/lists/oss-security/2013/09/17/4
- http://www.openwall.com/lists/oss-security/2013/09/17/8
- http://www.openwall.com/lists/oss-security/2015/01/28/18
- http://www.openwall.com/lists/oss-security/2015/01/29/21
- http://www.openwall.com/lists/oss-security/2015/02/24/3
- http://www.securityfocus.com/bid/67992
- http://www.ubuntu.com/usn/USN-2306-1
- http://www.ubuntu.com/usn/USN-2306-2
- http://www.ubuntu.com/usn/USN-2306-3
- https://access.redhat.com/security/cve/cve-2013-4357
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95103
- https://security-tracker.debian.org/tracker/CVE-2013-4357
- http://sourceware.org/bugzilla/show_bug.cgi?id=12671
- https://bugzilla.redhat.com/show_bug.cgi?id=797096
- https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
- https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
- https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
Frequently Asked Questions
What is CVE-2013-4357?
CVE-2013-4357 is a vulnerability in the eglibc package before version 2.14.
How does CVE-2013-4357 impact systems?
CVE-2013-4357 could allow an attacker to cause a denial of service on affected systems.
Which software is affected by CVE-2013-4357?
The eglibc package before version 2.14 is affected, as well as certain versions of Novell SUSE Linux Enterprise Server, Debian Linux, Canonical Ubuntu Linux, and Fedora.
What is the severity of CVE-2013-4357?
CVE-2013-4357 has a severity rating of 7.5 (high).
Are there any available fixes for CVE-2013-4357?
There are no available fixes for CVE-2013-4357 at this time.
- collector/nvd-index
- collector/security-tracker-debian
- vendor/eglibc
- canonical/eglibc eglibc
- vendor/novell
- canonical/novell suse linux enterprise server
- version/novell suse linux enterprise server/11.0-sp2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/6.0
- version/debian debian linux/7.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/18
- version/fedoraproject fedora/19
- package-manager/debian