First published: Tue Dec 04 2018
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU glibc | <=2.28 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
debian/glibc | 2.31-13+deb11u11, 2.31-13+deb11u10, 2.36-9+deb12u8, 2.36-9+deb12u7, 2.40-3 | |
CVE-2018-19591 is a vulnerability in the GNU C Library (glibc) through version 2.28.
CVE-2018-19591 occurs when a crafted hostname is resolved using the getaddrinfo() function, leading to the allocation of a socket descriptor that is not closed.
CVE-2018-19591 has a severity rating of 7.5 (high).
GNU glibc versions up to 2.28 and Fedoraproject Fedora versions 28 and 29 are affected by CVE-2018-19591.
There are security updates available for GNU glibc and Fedoraproject Fedora to address CVE-2018-19591. Apply the latest patches provided by the respective vendors.
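
To check whether a host's resolver leaves descriptors open, the following added example (not code from glibc or from this advisory) counts open descriptors before and after repeated getaddrinfo() calls. The function names, the 4096 scan limit and the default name 127.0.0.1 are assumptions of the example; the name to test is supplied by the caller.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* expose getaddrinfo() under strict -std= modes */
#endif
#include <fcntl.h>
#include <netdb.h>
#include <stdio.h>
#include <sys/socket.h>

#define FD_SCAN_LIMIT 4096 /* assumption: the process holds fewer descriptors than this */

/* Count the descriptors currently open in this process. */
int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < FD_SCAN_LIMIT; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/* Resolve `name` `rounds` times; return how many descriptors stayed open.
   0 means no leak; a result that scales with `rounds` means every call strands one. */
int fd_growth_after_lookups(const char *name, int flags, int rounds)
{
    struct addrinfo hints = {0}, *res = NULL;
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;

    /* Warm-up call so one-time resolver initialisation is not counted. */
    if (getaddrinfo(name, NULL, &hints, &res) == 0)
        freeaddrinfo(res);

    int before = count_open_fds();
    for (int i = 0; i < rounds; i++) {
        /* Failed lookups matter as much as successful ones here. */
        if (getaddrinfo(name, NULL, &hints, &res) == 0)
            freeaddrinfo(res);
    }
    return count_open_fds() - before;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "127.0.0.1"; /* constructed default */
    int grown = fd_growth_after_lookups(name, 0, 100);
    printf("%s: %d descriptor(s) left open after 100 lookups\n", name, grown);
    return grown > 0; /* non-zero exit status when descriptors leaked */
}
```

A long-running service that resolves untrusted names can run the same measurement against its own lookup path, since steady descriptor growth eventually exhausts the process's descriptor limit.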