Lucene search

K
archlinuxArch LinuxASA-201605-20
HistoryMay 13, 2016 - 12:00 a.m.

lib32-glibc: multiple issues

2016-05-1300:00:00
Arch Linux
lists.archlinux.org
14

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

84.6%

  • CVE-2016-1234 (arbitrary code execution)

It was found that glob implementation in glibc does not correctly
handle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is
used, causing a large stack-based buffer overflow with controlled length
and content.

  • CVE-2016-3706 (denial of service)

A stack (frame) overflow flaw, which could lead to a denial of service
(application crash), was found in the way glibc’s getaddrinfo()
function processed certain requests when called with AF_INET or
AF_INET6.

OSVersionArchitecturePackageVersionFilename
anyanyanylib32-glibc< 2.23-4UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

84.6%

Related for ASA-201605-20