CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
glibc is vulnerable to denial of service. An invalid free flaw was found in glibc’s getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.
rhn.redhat.com/errata/RHSA-2015-1627.html
www.openwall.com/lists/oss-security/2015/01/29/21
www.securityfocus.com/bid/72710
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1186614
bugzilla.redhat.com/show_bug.cgi?id=981942
sourceware.org/bugzilla/show_bug.cgi?id=18011
sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7