Lucene search

UbuntuUSN-5768-1

HistoryDec 08, 2022 - 12:00 a.m.

GNU C Library vulnerabilities

2022-12-0800:00:00

ubuntu.com

gnu c library

ubuntu 16.04 esm

vulnerabilities

iconv feature

dns response

fragmentation-based attacks

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

Releases

Ubuntu 16.04 ESM

Packages

glibc - GNU C Library

Details

Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013,
CVE-2020-27618)

It was discovered that the GNU C Library did not properly handled DNS
responses when ENDS0 is enabled. An attacker could possibly use this issue
to cause fragmentation-based attacks. (CVE-2017-12132)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibc6< 2.23-0ubuntu11.3+esm3UNKNOWN
Ubuntu16.04noarchglibc-doc< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchglibc-source< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchlibc-bin< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchlibc-bin-dbgsym< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchlibc-dev-bin< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchlibc-dev-bin-dbgsym< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchlibc6< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchlibc6-dbg< 2.23-0ubuntu11.3UNKNOWN
Ubuntu16.04noarchlibc6-dbgsym< 2.23-0ubuntu11.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	16.04	noarch	libc6	< 2.23-0ubuntu11.3+esm3	UNKNOWN
Ubuntu	16.04	noarch	glibc-doc	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	glibc-source	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	libc-bin	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	libc-bin-dbgsym	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	libc-dev-bin	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	libc-dev-bin-dbgsym	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	libc6	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	libc6-dbg	< 2.23-0ubuntu11.3	UNKNOWN
Ubuntu	16.04	noarch	libc6-dbgsym	< 2.23-0ubuntu11.3	UNKNOWN