Lucene search

K

[email protected]NVD:CVE-2013-7424

HistoryAug 26, 2015 - 7:59 p.m.

CVE-2013-7424

2015-08-2619:59:00

CWE-17

[email protected]

web.nvd.nist.gov

1

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

Affected configurations

NVD

Node

gnuglibcRange≤2.14.1

References

rhn.redhat.com/errata/RHSA-2015-1627.html

www.openwall.com/lists/oss-security/2015/01/29/21

www.securityfocus.com/bid/72710

bugzilla.redhat.com/show_bug.cgi?id=1186614

bugzilla.redhat.com/show_bug.cgi?id=981942

sourceware.org/bugzilla/show_bug.cgi?id=18011

sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

Related for NVD:CVE-2013-7424

nessus7 ubuntucve1 ibm6 prion1 redhat1 centos1 debiancve1 openvas6 veracode1 cve1 cvelist1 f52 oraclelinux1 securityvulns2 osv2 debian2