REDHAT-BUG-947882
First published: Wed Apr 03 2013(Updated: )
A stack (frame) overflow flaw, leading to denial of service (application crash), was found in the way getaddrinfo() routine (returning a list of address structures for particular request) of glibc, the collection of GNU libc libraries, processed certain requests. If an application linked against glibc accepted untrusted getaddrinfo() input remotely, a remote attacker could issue a specially-crafted request, which once processed would lead to that application crash. References: [1] <a href="https://bugzilla.novell.com/show_bug.cgi?id=813121">https://bugzilla.novell.com/show_bug.cgi?id=813121</a> [2] <a href="http://www.openwall.com/lists/oss-security/2013/04/03/2">http://www.openwall.com/lists/oss-security/2013/04/03/2</a> Proposed Novell patch: [3] <a href="http://bugzillafiles.novell.org/attachment.cgi?id=533210">http://bugzillafiles.novell.org/attachment.cgi?id=533210</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU C Library (glibc) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.novell.com/show_bug.cgi?id=813121
- http://www.openwall.com/lists/oss-security/2013/04/03/2
- http://bugzillafiles.novell.org/attachment.cgi?id=533210
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=731167&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=731167&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=947892
- http://sourceware.org/ml/libc-alpha/2013-04/msg00060.html
- https://access.redhat.com/security/cve/CVE-2013-1914
- http://www.openwall.com/lists/oss-security/2013/04/03/6
- http://sourceware.org/bugzilla/show_bug.cgi?id=15330
- http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7
- https://rhn.redhat.com/errata/RHSA-2013-0769.html
- https://rhn.redhat.com/errata/RHSA-2013-1605.html
- https://bugzilla.redhat.com/show_bug.cgi?id=947882
Frequently Asked Questions
What is the severity of REDHAT-BUG-947882?
The severity of REDHAT-BUG-947882 is considered high due to the potential for denial of service resulting from stack overflow.
How do I fix REDHAT-BUG-947882?
To fix REDHAT-BUG-947882, update the GNU glibc to the latest patched version provided by your distribution.
What applications are affected by REDHAT-BUG-947882?
Applications that are linked against the affected versions of GNU glibc are vulnerable to REDHAT-BUG-947882.
What is the nature of the vulnerability in REDHAT-BUG-947882?
REDHAT-BUG-947882 is a stack frame overflow vulnerability in the getaddrinfo() routine of glibc, leading to application crashes.
When was REDHAT-BUG-947882 discovered?
REDHAT-BUG-947882 was reported and documented in April 2013.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-1914
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/gnu c library (glibc)