Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2013-270
HistoryDec 17, 2013 - 9:39 p.m.

Medium: glibc

2013-12-1721:39:00
alas.aws.amazon.com
16

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.16 Low

EPSS

Percentile

95.9%

JSON

Issue Overview:

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc’s memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332)

A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash. (CVE-2013-0242)

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)

Affected Packages:

glibc

Issue Correction:
Run yum update glibc to update your system.

New Packages:

i686:  
    glibc-2.12-1.132.45.amzn1.i686  
    glibc-utils-2.12-1.132.45.amzn1.i686  
    glibc-debuginfo-common-2.12-1.132.45.amzn1.i686  
    glibc-common-2.12-1.132.45.amzn1.i686  
    glibc-headers-2.12-1.132.45.amzn1.i686  
    glibc-static-2.12-1.132.45.amzn1.i686  
    glibc-debuginfo-2.12-1.132.45.amzn1.i686  
    nscd-2.12-1.132.45.amzn1.i686  
    glibc-devel-2.12-1.132.45.amzn1.i686  
  
src:  
    glibc-2.12-1.132.45.amzn1.src  
  
x86_64:  
    glibc-2.12-1.132.45.amzn1.x86_64  
    nscd-2.12-1.132.45.amzn1.x86_64  
    glibc-devel-2.12-1.132.45.amzn1.x86_64  
    glibc-common-2.12-1.132.45.amzn1.x86_64  
    glibc-debuginfo-2.12-1.132.45.amzn1.x86_64  
    glibc-headers-2.12-1.132.45.amzn1.x86_64  
    glibc-static-2.12-1.132.45.amzn1.x86_64  
    glibc-debuginfo-common-2.12-1.132.45.amzn1.x86_64  
    glibc-utils-2.12-1.132.45.amzn1.x86_64

Additional References

Red Hat: CVE-2013-0242, CVE-2013-1914, CVE-2013-4332

Mitre: CVE-2013-0242, CVE-2013-1914, CVE-2013-4332

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686glibc< 2.12-1.132.45.amzn1glibc-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686glibc-utils< 2.12-1.132.45.amzn1glibc-utils-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686glibc-debuginfo-common< 2.12-1.132.45.amzn1glibc-debuginfo-common-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686glibc-common< 2.12-1.132.45.amzn1glibc-common-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686glibc-headers< 2.12-1.132.45.amzn1glibc-headers-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686glibc-static< 2.12-1.132.45.amzn1glibc-static-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686glibc-debuginfo< 2.12-1.132.45.amzn1glibc-debuginfo-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686nscd< 2.12-1.132.45.amzn1nscd-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1i686glibc-devel< 2.12-1.132.45.amzn1glibc-devel-2.12-1.132.45.amzn1.i686.rpm
Amazon Linux1x86_64glibc< 2.12-1.132.45.amzn1glibc-2.12-1.132.45.amzn1.x86_64.rpm
Rows per page:
1-10 of 181

Related

oraclelinux 3
openvas 47
nessus 47
redhat 4
centos 3
securityvulns 4
veracode 3
ubuntu 1
ibm 5
ubuntucve 4
cve 4
altlinux 3
prion 4
debiancve 4
fedora 6
vmware 4
suse 2
mageia 1
gentoo 1
debian 1
osv 1
f5 2
packetstorm 1
zdt 1
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2013-11-25 00:00:00
glibc security and bug fix update
2013-04-24 00:00:00
glibc security and bug fix update
2013-10-08 00:00:00
openvas
openvas
RedHat Update for glibc RHSA-2013:1605-02
2013-11-21 00:00:00
RedHat Update for glibc RHSA-2013:1605-02
2013-11-21 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-270)
2015-09-08 00:00:00
nessus
nessus
CentOS 6 : glibc (CESA-2013:1605)
2014-11-12 00:00:00
Amazon Linux AMI : glibc (ALAS-2013-270)
2013-12-23 00:00:00
Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20131121)
2013-12-04 00:00:00
redhat
redhat
(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:0769) Low: glibc security and bug fix update
2013-04-24 00:00:00
(RHSA-2013:1411) Moderate: glibc security and bug fix update
2013-10-08 00:00:00
centos
centos
glibc, nscd security update
2013-11-26 13:31:38
glibc, nscd security update
2013-04-24 21:58:40
glibc, nscd security update
2013-10-08 20:20:03
securityvulns
securityvulns
GNU glibc security vulnerabilities
2013-05-09 00:00:00
[ MDVSA-2013:163 ] glibc
2013-05-09 00:00:00
[ MDVSA-2013:284 ] glibc
2013-12-01 00:00:00
veracode
veracode
Stack-based Buffer Overflow
2019-05-02 04:44:45
Denial Of Service (DoS)
2019-01-15 09:00:29
Denial Of Service (DoS)
2019-01-15 08:52:21
ubuntu
ubuntu
GNU C Library vulnerabilities
2013-10-21 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in glibc affects Integrated Management Module 2 (IMM2) (CVE-2013-4332)
2019-01-31 01:55:01
Security Bulletin: Vulnerabilities in glibc affect the IBM Flex System Manager (FSM): (CVE-2013-4332, CVE-2014-0475, CVE-2014-5119)
2019-01-31 01:35:01
Security Bulletin: Apache Tomcat vulnerabilities on IBM System Storage Storwize V7000 Unified (CVE-2013-4286 CVE-2013-4332 CVE-2014-0075 CVE-2014-0099)
2018-06-18 00:08:33
ubuntucve
ubuntucve
CVE-2013-4332
2013-10-09 00:00:00
CVE-2013-1914
2013-04-29 00:00:00
CVE-2013-0242
2013-02-08 00:00:00
cve
cve
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-1914
2013-04-29 22:55:00
CVE-2013-0242
2013-02-08 20:55:00
altlinux
altlinux
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00
Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
prion
prion
Integer overflow
2013-10-09 22:55:00
Stack overflow
2013-04-29 22:55:00
Buffer overflow
2013-02-08 20:55:00
debiancve
debiancve
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-1914
2013-04-29 22:55:00
CVE-2013-0242
2013-02-08 20:55:00
fedora
fedora
[SECURITY] Fedora 17 Update: glibc-2.15-59.fc17
2013-06-02 01:58:33
[SECURITY] Fedora 18 Update: glibc-2.16-30.fc18
2013-03-30 21:30:28
[SECURITY] Fedora 20 Update: glibc-2.18-9.fc20
2013-09-26 06:13:02
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
suse
suse
Security update for glibc (important)
2014-09-12 06:04:16
Security update for glibc (important)
2014-09-15 19:04:18
mageia
mageia
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
debian
debian
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
osv
osv
eglibc - security update
2015-03-06 00:00:00
f5
f5
K15640 : GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
SOL15640 - GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
2014-10-02 00:00:00
packetstorm
packetstorm
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
2021-09-01 00:00:00
zdt
zdt
Moxa Command Injection / Cross Site Scripting Vulnerabilities
2021-09-01 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.16 Low

EPSS

Percentile

95.9%

JSON
Related for ALAS-2013-270
oraclelinux3openvas47nessus47redhat4centos3securityvulns4veracode3ubuntu1ibm5ubuntucve4cve4altlinux3prion4debiancve4fedora6vmware4suse2mageia1gentoo1debian1osv1f52packetstorm1zdt1