453 matches found

RedhatCVE
added 2023/09/12 2:54 p.m. | 29 views

CVE-2023-4813

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue...

CVSS 5.9 | AI score 6.3 | EPSS 0.00337
Exploits 0 | References 3
RedhatCVE
added 2023/09/12 2:54 p.m. | 43 views

CVE-2023-4806

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the...

CVSS 5.9 | AI score 6.3 | EPSS 0.01895
Exploits 0 | References 3
RedhatCVE
added 2023/09/12 2:54 p.m. | 52 views

CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

CVSS 6.5 | AI score 6.8 | EPSS 0.00112
Exploits 1 | References 3
Positive Technologies
added 2023/09/12 12:0 a.m. | 3 views

PT-2023-5665

Name of the Vulnerable Software and Affected Versions: glibc (affected versions not specified). Description: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP...

CVSS 6.5 | AI score 6.9 | EPSS 0.00112
Exploits 1 | References 67
CNNVD
added 2023/09/12 12:0 a.m. | 3 views

glibc buffer error vulnerability

glibc (GNU C Library) is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc, which stems from the fact that when the getaddrinfo function is called using the AF_UNSPEC address family and is configured in no-aaaa mode via /etc/resolv.conf, TCP DNS response...

CVSS 6.5 | AI score 6.8 | EPSS 0.00112
Exploits 1 | References 14
CNNVD
added 2023/09/12 12:0 a.m. | 2 views

glibc Resource Management Error Vulnerability

glibc (GNU C Library) is a C standard library implemented by a GNU project of the GNU community. A resource management error vulnerability exists in glibc, which stems from the fact that when an NSS module implements only the _nss_*_gethostbyname2_r hooks but not the _nss_*_gethostbyname3_r hooks, the...

CVSS 5.9 | AI score 6.8 | EPSS 0.01895
Exploits 0 | References 21
Positive Technologies
added 2023/09/12 12:0 a.m. | 2 views

PT-2023-8453

Name of the Vulnerable Software and Affected Versions: glibc (affected versions not specified). Description: A flaw was found in glibc, where the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements...

CVSS 5.9 | AI score 6.7 | EPSS 0.01895
Exploits 0 | References 86
Tenable Nessus
added 2023/09/07 12:0 a.m. | 29 views

Oracle Linux 8 : glibc (ELSA-2019-3513)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3513 advisory. 2.28-72.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug:...

CVSS 5.3 | AI score 6 | EPSS 0.0004
Exploits 0 | References 2
F5 Networks
added 2023/02/21 6:59 p.m. | 41 views

K30002521: GNU C Library vulnerability CVE-2018-19591

Security Advisory Description: In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function. (CVE-2018-19591) Impact: There is no impact; ...

CVSS 7.5 | AI score 7.5 | EPSS 0.01775
Exploits 1
F5 Networks
added 2023/02/21 6:53 p.m. | 27 views

K16472: glibc vulnerability CVE-2013-7424

Security Advisory Description: The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an...

CVSS 5.1 | AI score 7.2 | EPSS 0.00831
Exploits 0 | Affected Software 13
F5 Networks
added 2023/02/21 6:35 p.m. | 26 views

K54423034: eglibc vulnerability CVE-2013-4357

Security Advisory Description: The eglibc package before 2.14 incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service. (CVE-2013-4357) Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Produc...

CVSS 7.5 | AI score 6.3 | EPSS 0.01185
Exploits 1
F5 Networks
added 2023/02/21 6:34 p.m. | 44 views

K06493172: glibc vulnerability CVE-2016-3706

Security Advisory Description: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because...

CVSS 7.5 | AI score 7.8 | EPSS 0.02478
Exploits 0 | Affected Software 25
SUSE CVE
added 2023/02/15 5:39 a.m. | 1 views

SUSE CVE-2013-1914

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results...

CVSS 5 | AI score 7.2 | EPSS 0.03104
Exploits 2 | References 11
SUSE CVE
added 2023/02/15 5:36 a.m. | 3 views

SUSE CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service...

CVSS 7.5 | AI score 6.8 | EPSS 0.01185
Exploits 1 | References 9
SUSE CVE
added 2023/02/15 5:35 a.m. | 2 views

SUSE CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: th...

CVSS 5 | AI score 7.3 | EPSS 0.01201
Exploits 3 | References 11
SUSE CVE
added 2023/02/15 5:13 a.m. | 1 views

SUSE CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

CVSS 8.1 | AI score 8.6 | EPSS 0.93905
Exploits 17 | References 33
SUSE CVE
added 2023/02/15 5:4 a.m. | 2 views

SUSE CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

CVSS 7.5 | AI score 8.1 | EPSS 0.02478
Exploits 0 | References 10
SUSE CVE
added 2023/02/15 4:53 a.m. | 5 views

SUSE CVE-2016-10739

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...

CVSS 4.5 | AI score 9.5 | EPSS 0.0004
Exploits 0 | References 31
SUSE CVE
added 2023/02/15 4:21 a.m. | 1 views

SUSE CVE-2018-19591

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function...

CVSS 7.5 | AI score 9.2 | EPSS 0.01775
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 3:45 a.m. | 1 views

SUSE CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

CVSS 5.3 | AI score 7.8 | EPSS 0.00718
Exploits 1 | References 15