First published: Thu Dec 12 2013(Updated: )
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU glibc | <=2.18 | |
GNU glibc | =2.0 | |
GNU glibc | =2.0.1 | |
GNU glibc | =2.0.2 | |
GNU glibc | =2.0.3 | |
GNU glibc | =2.0.4 | |
GNU glibc | =2.0.5 | |
GNU glibc | =2.0.6 | |
GNU glibc | =2.1 | |
GNU glibc | =2.1.1 | |
GNU glibc | =2.1.1.6 | |
GNU glibc | =2.1.2 | |
GNU glibc | =2.1.3 | |
GNU glibc | =2.1.9 | |
GNU glibc | =2.10.1 | |
GNU glibc | =2.11 | |
GNU glibc | =2.11.1 | |
GNU glibc | =2.11.2 | |
GNU glibc | =2.11.3 | |
GNU glibc | =2.12.1 | |
GNU glibc | =2.12.2 | |
GNU glibc | =2.13 | |
GNU glibc | =2.14 | |
GNU glibc | =2.14.1 | |
GNU glibc | =2.15 | |
GNU glibc | =2.16 | |
GNU glibc | =2.17 | |
SUSE Linux Enterprise Debuginfo | =11-sp2 | |
SUSE Linux Enterprise Server | =11-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.