In the GNU C Library (aka glibc or libc6) through 2.28 the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters which could lead applications to incorrectly assume that it had parsed a valid string without the possibility of embedded HTTP headers or other potentially dangerous substrings.

🗓️ 18 Aug 2020 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 3 Views

glibc getaddrinfo could parse an Internet Protocol version four address with trailing junk.

Reporter	Title	Published	Views	Family All 108
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	26 Mar 202503:30	–	ibm
Tenable Nessus	Amazon Linux 2 : glibc (ALAS-2020-1517)	28 Oct 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : glibc (ALAS-2019-1320)	25 Nov 201900:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python27 (ALAS-2020-1375)	4 Jun 202000:00	–	nessus
Tenable Nessus	CentOS 8 : glibc (CESA-2019:3513)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : glibc (CESA-2019:2118)	30 Aug 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-2155)	12 Nov 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : glibc (EulerOS-SA-2019-2307)	3 Dec 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-2476)	4 Dec 201900:00	–	nessus

Vulners

Node

microsoft cm1_glibc_2.28-12Range<2.28-12

18 Aug 2020 07:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.6

CVSS 35.3

CVSS 3.15.3

EPSS0.0004

gnu c library getaddrinfo parsing vulnerability internet protocol address trailing junk