Denial Of Service (DoS)

2019-01-1509:07:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

glibc is vulnerable to denial of service. An invalid free flaw was found in glibc’s getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

CPENameOperatorVersion
glibceq2.5__18.el5_1.1
glibceq2.5__49.el5_5.6
glibceq2.5__65.el5_7.3
glibceq2.5__118.el5_10.2
glibceq2.5__49.el5_5.5
glibceq2.5__42.el5_4.2
glibceq2.5__49.el5_5.7
glibceq2.5__58.el5_6.3
glibceq2.5__58.el5_6.4
glibceq2.5__107.el5_9.6

Name	Operator	Version
glibc	eq	2.5__18.el5_1.1
glibc	eq	2.5__49.el5_5.6
glibc	eq	2.5__65.el5_7.3
glibc	eq	2.5__118.el5_10.2
glibc	eq	2.5__49.el5_5.5
glibc	eq	2.5__42.el5_4.2
glibc	eq	2.5__49.el5_5.7
glibc	eq	2.5__58.el5_6.3
glibc	eq	2.5__58.el5_6.4
glibc	eq	2.5__107.el5_9.6