51 matches found

F5 Networks
added 2023/02/21 6:34 p.m. | 43 views

K06493172: glibc vulnerability CVE-2016-3706

Security Advisory Description: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because...

CVSS 7.5 | AI score 7.8 | EPSS 0.02478
Exploits: 0 | Affected Software: 25
Tenable Nessus
added 2023/01/04 12:0 a.m. | 24 views

SUSE SLES12 Security Update : glibc (SUSE-SU-2023:0015-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0015-1 advisory. - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address...

CVSS 5.3 | AI score 6.2 | EPSS 0.0004
Exploits: 0 | References: 4
Tenable Nessus
added 2020/04/15 12:0 a.m. | 59 views

EulerOS 2.0 SP3 : glibc (EulerOS-SA-2020-1388)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by...

CVSS 7.5 | AI score 6.8 | EPSS 0.02309
Exploits: 2 | References: 5
NVD
added 2019/12/31 7:15 p.m. | 14 views

CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.01185
Exploits: 1 | References: 15
Prion
added 2019/12/31 7:15 p.m. | 26 views

Denial of service

The eglibc package before 2.14 incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service...

CVSS 5 | AI score 6.8 | EPSS 0.01185
Exploits: 1 | References: 15 | Affected Software: 5
Cvelist
added 2019/12/31 6:34 p.m. | 16 views

CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service...

AI score 7.3 | EPSS 0.01185
Exploits: 1 | References: 15
Tenable Nessus
added 2019/12/31 12:0 a.m. | 43 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Vulnerability (NS-SA-2019-0237)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has glibc packages installed that are affected by a vulnerability: - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by...

CVSS 5.3 | AI score 6.2 | EPSS 0.0004
Exploits: 0 | References: 2
Amazon
added 2019/11/19 12:0 a.m. | 64 views

Medium: glibc

Issue Overview: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string,...

CVSS 5.3 | AI score 6.2 | EPSS 0.0004
Exploits: 0
Tenable Nessus
added 2018/02/28 12:0 a.m. | 89 views

Arista Networks EOS libresolv Overflow RCE (SA0017)

The version of Arista Networks EOS running on the remote device is affected by multiple stack-based buffer overflow conditions in the GNU libresolv library, specifically within the send_dg and send_vc functions, when handling DNS responses that trigger a call to the getaddrinfo function with the...

CVSS 8.1 | AI score 8.7 | EPSS 0.93905
Exploits: 17 | References: 2
Cvelist
added 2016/06/10 3:0 p.m. | 27 views

CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

AI score 7.7 | EPSS 0.02478
Exploits: 0 | References: 8
ArchLinux
added 2016/05/13 12:0 a.m. | 43 views

lib32-glibc: multiple issues

- CVE-2016-1234 (arbitrary code execution): It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 (denial of service): A...

CVSS 5 | AI score 3.4 | EPSS 0.02478
Exploits: 3 | References: 4
Tenable Nessus
added 2016/02/23 12:0 a.m. | 1143 views

ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)

The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0 prior to build 3568940. It is, therefore, affected by a stack-based buffer overflow condition in the GNU C Library (glibc) DNS client-side resolver due to improper validation of user-supplied input when looking up names via the...

CVSS 8.1 | AI score 8.6 | EPSS 0.93905
Exploits: 17 | References: 8
OSV
added 2016/02/18 9:59 p.m. | 6 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

CVSS 8.1 | AI score 9.2 | EPSS 0.93905
Exploits: 17 | References: 78
Prion
added 2016/02/18 9:59 p.m. | 24 views

Stack overflow

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

CVSS 6.8 | AI score 8.5 | EPSS 0.93905
Exploits: 17 | References: 75 | Affected Software: 30
Debian CVE
added 2016/02/18 9:0 p.m. | 77 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

CVSS 8.1 | AI score 8.8 | EPSS 0.93905
Exploits: 17
UbuntuCve
added 2016/02/16 2:0 p.m. | 27 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

CVSS 8.1 | AI score 7.9 | EPSS 0.93905
Exploits: 17 | References: 4
OSV
added 2015/08/26 7:59 p.m. | 1 views

UBUNTU-CVE-2013-7424

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...

CVSS 5.1 | AI score 7.6 | EPSS 0.00831
Exploits: 0 | References: 2
RedHat Linux
added 2015/08/17 5:47 a.m. | 43 views

Moderate: Red Hat Security Advisory: glibc security update

Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE lin...

CVSS 5.1 | AI score 7 | EPSS 0.00831
Exploits: 0 | References: 2
RedHat Linux
added 2015/04/21 11:34 a.m. | 1 views

glibc: getaddrinfo() writes DNS queries to random file descriptors under high load

It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...

CVSS 5 | AI score 7.3 | EPSS 0.03151
Exploits: 2 | References: 4
Prion
added 2015/02/24 3:59 p.m. | 22 views

Design/Logic Flaw

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function...

CVSS 5 | AI score 6.8 | EPSS 0.03151
Exploits: 2 | References: 11 | Affected Software: 4