CWE
17
Advisory Published
CVE Published
Updated

CVE-2013-7423

First published: Thu Jan 29 2015(Updated: )

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Red Hat Enterprise Linux Server=6.5
Ubuntu=10.04
Ubuntu=12.04
Ubuntu=14.04
Ubuntu=14.10
SUSE Linux=13.1
SUSE Linux=13.2
GNU C Library (glibc)<2.20

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2013-7423?

    CVE-2013-7423 has a medium severity rating due to its potential to allow remote attackers to send DNS queries to unintended locations.

  • How do I fix CVE-2013-7423?

    To mitigate CVE-2013-7423, update the GNU C Library to version 2.20 or later as recommended by your operating system vendor.

  • Which software versions are affected by CVE-2013-7423?

    CVE-2013-7423 affects various versions of the GNU C Library and several Linux distributions including Red Hat Enterprise Linux 6.5 and multiple versions of Ubuntu and openSUSE.

  • What type of attack does CVE-2013-7423 enable?

    CVE-2013-7423 enables remote attackers to exploit file descriptor reuse issues in DNS queries, leading to potential information leakage.

  • Is CVE-2013-7423 still a threat today?

    While CVE-2013-7423 has been addressed in later versions of software, systems running affected versions remain vulnerable if not updated.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203