PT-2018-2383

Name of the Vulnerable Software and Affected Versions glibc versions through 2.28 Description The issue is related to insufficient input validation in the getaddrinfo function, which can lead to the invocation of the if nametoindex function with incorrect parameters. This can be exploited by a...

SUSE SLES11 Security Update : glibc (SUSE-SU-2018:0874-1)

This update for glibc fixes the following issues: Security issues fixed : - CVE-2017-12133: Avoid use-after-free read access in clntudpcall bsc1081556 Non security issue fixed : - Fix incorrect getaddrinfo assertion trigger bsc1076871 Note that Tenable Network Security has extracted the preceding...

SUSE-SU-2018:0874-1 Security update for glibc

This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudpcall bsc1081556 Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger bsc1076871...

Arista Networks EOS libresolv Overflow RCE (SA0017)

The version of Arista Networks EOS running on the remote device is affected by multiple stack-based buffer overflow conditions in the GNU libresolv library, specifically within the senddg and sendvc functions, when handling DNS responses that trigger a call to the getaddrinfo function with the...

USN-3239-2: GNU C Library Regression

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensa...

USN-3239-1 eglibc, glibc vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strxfrm function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-8982 It was discovered that an integer...

How to by CVE-2015-7547(GLIBC getaddrinfo)vulnerability to bypass ASLR-exploits warning-the black bar safety net

! 0x01 introduction 2016 2 on 16 May, Google disclosed a critical buffer overflow vulnerability in the GLIBC library in the getaddrinfo function in the trigger. At the same time they also provided a copy of the PoC. Based on this, in this article, we will show how to by CVE-2015-7547 bypass ASLR...

The vulnerabilities of the library that provides system calls and core functions in glibc allow a malicious actor to cause a service failure or execute arbitrary code.

Multiple vulnerabilities exist in the functions senddg and sendvc of the libresolv module’s library, which provides system calls and core functions for the glibc library. These vulnerabilities allow a malicious actor to trigger service failures or execute arbitrary code through a specially crafte...

The vulnerability of the library that handles system calls and core functions of glibc allows a attacker to cause a service failure.

The vulnerability of the getaddrinfo function sysdeps/posix/getaddrinfo.c in the library that provides system calls and core functions of glibc arises from a buffer overflow in the stack. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure by specifyin...

glibc - getaddrinfo Remote Stack Buffer Overflow

glibc - getaddrinfo Remote Stack Buffer Overflow / add by SpeeDr00t@Blackfalcon jang kyoung chip This is a published vulnerability by google in the past. Please refer to the link below. Reference: - https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html -...

glibc getaddrinfo Stack Buffer Overflow

add by SpeeDr00t@Blackfalcon jang kyoung chip This is a published vulnerability by google in the past. Please refer to the link below. Reference: - https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html - https://github.com/fjserna/CVE-2015-7547 - CVE-2015-754...

glibc - 'getaddrinfo' Remote Stack Buffer Overflow

/ add by SpeeDr00t@Blackfalcon jang kyoung chip This is a published vulnerability by google in the past. Please refer to the link below. Reference: - https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html - https://github.com/fjserna/CVE-2015-7547 -...

SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)

This update for glibc provides the following fixes : - Increase DTVSURPLUS limit. bsc968787 - Do not copy dname field of struct dirent. CVE-2016-1234, bsc969727 - Fix memory leak in nssdnsgethostbyname4r. bsc973010 - Fix stack overflow in nssdnsgetnetbynamer. CVE-2016-3075, bsc973164 - Fix malloc...

SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)

This update for glibc provides the following fixes : - Increase DTVSURPLUS limit. bsc968787 - Do not copy dname field of struct dirent. CVE-2016-1234, bsc969727 - Fix memory leak in nssdnsgethostbyname4r. bsc973010 - Fix stack overflow in nssdnsgetnetbynamer. CVE-2016-3075, bsc973164 - Fix malloc...

openSUSE Security Update : glibc (openSUSE-2016-852)

This update for glibc provides the following fixes : - Increase DTVSURPLUS limit. bsc968787 - Do not copy dname field of struct dirent. CVE-2016-1234, bsc969727 - Fix memory leak in nssdnsgethostbyname4r. bsc973010 - Fix stack overflow in nssdnsgetnetbynamer. CVE-2016-3075, bsc973164 - Fix malloc...

GNU C Library getaddrinfo function stack buffer overflow vulnerability

glibc is the libc library, or c runtime library, released by GNU. A stack buffer overflow vulnerability exists in the GNU C Library glibc or libc6 sysdeps/posix/getaddrinfo.c/getaddrinfo function. A remote attacker can cause a denial of service via hostent conversion...

DEBIAN-CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

Stack overflow

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...