Lucene search
RedhatCVE-2013-4458HistoryDec 12, 2013 - 6:55 p.m.
CVE-2013-4458
2013-12-1218:55:10
CWE-119
redhat
web.nvd.nist.gov
90
cve-2013-4458
glibc
libc6
buffer overflow
getaddrinfo
stack-based
denial of service
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.7
Confidence
High
EPSS
0.16
Percentile
96.1%
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
Affected configurations
Node
gnuglibcRange≤2.18
ORgnuglibcMatch2.0
ORgnuglibcMatch2.0.1
ORgnuglibcMatch2.0.2
ORgnuglibcMatch2.0.3
ORgnuglibcMatch2.0.4
ORgnuglibcMatch2.0.5
ORgnuglibcMatch2.0.6
ORgnuglibcMatch2.1
ORgnuglibcMatch2.1.1
ORgnuglibcMatch2.1.1.6
ORgnuglibcMatch2.1.2
ORgnuglibcMatch2.1.3
ORgnuglibcMatch2.1.9
ORgnuglibcMatch2.10.1
ORgnuglibcMatch2.11
ORgnuglibcMatch2.11.1
ORgnuglibcMatch2.11.2
ORgnuglibcMatch2.11.3
ORgnuglibcMatch2.12.1
ORgnuglibcMatch2.12.2
ORgnuglibcMatch2.13
ORgnuglibcMatch2.14
ORgnuglibcMatch2.14.1
ORgnuglibcMatch2.15
ORgnuglibcMatch2.16
ORgnuglibcMatch2.17
Node
suselinux_enterprise_debuginfoMatch11sp2
ORsuselinux_enterprise_serverMatch11sp2ltss
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gnu | glibc | * | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |
| gnu | glibc | 2.0 | cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:* |
| gnu | glibc | 2.0.1 | cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:* |
| gnu | glibc | 2.0.2 | cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:* |
| gnu | glibc | 2.0.3 | cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:* |
| gnu | glibc | 2.0.4 | cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:* |
| gnu | glibc | 2.0.5 | cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:* |
| gnu | glibc | 2.0.6 | cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:* |
| gnu | glibc | 2.1 | cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:* |
| gnu | glibc | 2.1.1 | cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
www.mandriva.com/security/advisories?name=MDVSA-2013:283
www.mandriva.com/security/advisories?name=MDVSA-2013:284
security.gentoo.org/glsa/201503-04
sourceware.org/bugzilla/show_bug.cgi?id=16072
sourceware.org/ml/libc-alpha/2013-10/msg00733.html
Related
prion
prion
cvelist
cvelist
debiancve
debiancve
nvd
nvd
ubuntucve
ubuntucve
f5
f5
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:0760-1)
2021-06-09 00:00:00
RedHat Update for glibc RHSA-2014:1391-02
2014-10-15 00:00:00
Fedora Update for glibc FEDORA-2016-b0e67c88b5
2016-06-08 00:00:00
nessus
nessus
Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20141014)
2014-11-04 00:00:00
Oracle Linux 6 : glibc (ELSA-2014-1391)
2014-10-17 00:00:00
F5 Networks BIG-IP : glibc vulnerability (K06493172)
2018-12-18 00:00:00
centos
centos
glibc, nscd security update
2014-10-20 18:08:56
glibc, nscd security update
2013-04-24 21:58:40
glibc, nscd security update
2013-11-26 13:31:38
android
android
CVE-2016-3706
2017-12-01 00:00:00
redhat
redhat
(RHSA-2014:1391) Moderate: glibc security, bug fix, and enhancement update
2014-10-14 00:00:00
(RHSA-2013:0769) Low: glibc security and bug fix update
2013-04-24 00:00:00
(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update
2013-11-21 00:00:00
cve
cve
CVE-2016-3706
2016-06-10 15:59:03
CVE-2013-1914
2013-04-29 22:55:01
securityvulns
securityvulns
[ MDVSA-2013:284 ] glibc
2013-12-01 00:00:00
glibc security vulnerabilities
2013-12-01 00:00:00
[ MDVSA-2013:163 ] glibc
2013-05-09 00:00:00
ubuntu
ubuntu
GNU C Library regression
2014-09-08 00:00:00
GNU C Library vulnerabilities
2014-08-04 00:00:00
GNU C Library regression
2014-08-05 00:00:00
osv
osv
eglibc - security update
2016-05-30 00:00:00
eglibc - security update
2015-03-06 00:00:00
glibc-2.24-2.3 on GA media
2024-06-15 00:00:00
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2014-10-15 00:00:00
glibc security and bug fix update
2013-04-24 00:00:00
glibc security, bug fix, and enhancement update
2013-11-25 00:00:00
debian
debian
[SECURITY] [DLA 494-1] eglibc security update
2016-05-30 04:24:49
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:39:53
mageia
mageia
Updated glibc packages fix security vulnerabilities
2016-05-24 01:00:58
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
altlinux
altlinux
Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00
veracode
veracode
Stack-based Buffer Overflow
2019-05-02 04:44:45
slackware
slackware
[slackware-security] glibc
2014-10-24 05:36:04
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
amazon
amazon
Medium: glibc
2013-12-17 21:39:00
suse
suse
Security update for glibc (important)
2016-02-16 20:15:44
fedora
fedora
[SECURITY] Fedora 19 Update: glibc-2.17-13.fc19
2013-08-22 00:50:09
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
packetstorm
packetstorm
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
2021-09-01 00:00:00
zdt
zdt
Moxa Command Injection / Cross Site Scripting Vulnerabilities
2021-09-01 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.7
Confidence
High
EPSS
0.16
Percentile
96.1%
Related for CVE-2013-4458