38 matches found
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2024-3219
CVE-2024-3219 affects CPython’s pure-Python socketpair fallback for AF_INET/AF_INET6 on platforms without AF_UNIX (e.g., Windows). The two sockets are not explicitly validated before returning, enabling a local race by a malicious local peer to exploit a connection race. Linux/macOS with AF_UNIX ...
CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
PSF-2024-7
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
EulerOS 2.0 SP10 : glibc (EulerOS-SA-2024-1081)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an...
CVE-2023-4806
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...
CVE-2023-4806
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...
CVE-2023-4806
CVE-2023-4806 affects glibc’s getaddrinfo in an extremely rare NSS module configuration where only certain nss * gethostbyname2_r/getcanonname_r hooks are implemented and the _gethostbyname3_r hook is missing. The flaw can cause getaddrinfo to access memory that has been freed, potentially crashi...
CVE-2023-4806 Glibc: potential use-after-free in getaddrinfo()
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...
CVE-2023-4806
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without implementing the...
Arista Networks EOS libresolv Overflow RCE (SA0017)
The version of Arista Networks EOS running on the remote device is affected by multiple stack-based buffer overflow conditions in the GNU libresolv library, specifically within the senddg and sendvc functions, when handling DNS responses that trigger a call to the getaddrinfo function with the...
glibc security and bug fix update
2.12-1.209.0.1 - Update newmode size to fix a possible corruption 2.12-1.209 - Fix AFINET6 getaddrinfo with nscd 1416496 2.12-1.208 - Update tests for struct sockaddrstorage changes 1338673 2.12-1.207 - Use FLCLOEXEC in internal calls to fopen 1012343. 2.12-1.206 - Fix CVE-2015-8779 glibc:...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content CVE-2016-1234. A stack...
Stack overflow
Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...
CVE-2015-7547
Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...
CVE-2015-7547
Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...
FreeBSD : glibc -- getaddrinfo stack-based buffer overflow (2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28)
Fabio Olive Leite reports : A stack-based buffer overflow was found in libresolv when invoked from nssdns, allowing specially crafted DNS responses to seize control of EIP in the DNS client. The buffer overflow occurs in the functions senddg send datagram and sendvc send TCP for the NSS module...