Lucene search

Veracode Vulnerability DatabaseVERACODE:4445

HistoryJun 21, 2017 - 5:34 a.m.

Denial Of Service (DoS) Through C Dependency

2017-06-2105:34:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.974 High

EPSS

Percentile

99.9%

JSON

github.com/google/cadvisor is vulnerable to denial of service (DoS) attacks through the glibc library. The glibc library contains multiple stack-based buffer overflows allowing attackers to cause DoS conditions or possible execute arbitrary code. The vulnerability in glibc was assigned CVE-2015-7547.

CPENameOperatorVersion
github.com/google/cadvisoreqHEAD
github.com/google/cadvisorle0.21.1
github.com/google/cadvisoreqHEAD
github.com/google/cadvisorle0.21.1

Name	Operator	Version
github.com/google/cadvisor	eq	HEAD
github.com/google/cadvisor	le	0.21.1
github.com/google/cadvisor	eq	HEAD
github.com/google/cadvisor	le	0.21.1

References

fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html

marc.info/?l=bugtraq&m=145596041017029&w=2

marc.info/?l=bugtraq&m=145672440608228&w=2

marc.info/?l=bugtraq&m=145690841819314&w=2

marc.info/?l=bugtraq&m=145857691004892&w=2

marc.info/?l=bugtraq&m=146161017210491&w=2

packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html

packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

rhn.redhat.com/errata/RHSA-2016-0175.html

rhn.redhat.com/errata/RHSA-2016-0176.html

rhn.redhat.com/errata/RHSA-2016-0225.html

rhn.redhat.com/errata/RHSA-2016-0277.html

seclists.org/fulldisclosure/2019/Sep/7

seclists.org/fulldisclosure/2021/Sep/0

seclists.org/fulldisclosure/2022/Jun/36

support.citrix.com/article/CTX206991

ubuntu.com/usn/usn-2900-1

www.debian.org/security/2016/dsa-3480

www.debian.org/security/2016/dsa-3481

www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/83265

www.securitytracker.com/id/1035020

www.vmware.com/security/advisories/VMSA-2016-0002.html

access.redhat.com/articles/2161461

access.redhat.com/errata/RHSA-2016:0175

access.redhat.com/errata/RHSA-2016:0176

access.redhat.com/errata/RHSA-2016:0225

access.redhat.com/errata/RHSA-2016:0277

access.redhat.com/security/cve/CVE-2015-7547

blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/

blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

bto.bluecoat.com/security-advisory/sa114

bugzilla.redhat.com/show_bug.cgi?id=1293532

github.com/google/cadvisor/commit/39fbd9fc6a5db6648af2a0d48c89072130975839

googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

ics-cert.us-cert.gov/advisories/ICSA-16-103-01

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161

kc.mcafee.com/corporate/index?page=content&id=SB10150

nvd.nist.gov/vuln/detail/CVE-2015-7547

seclists.org/bugtraq/2019/Sep/7

security.gentoo.org/glsa/201602-02

security.netapp.com/advisory/ntap-20160217-0002/

sourceware.org/bugzilla/show_bug.cgi?id=18665

sourceware.org/ml/libc-alpha/2016-02/msg00416.html

support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html

support.lenovo.com/us/en/product_security/len_5450

www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17

www.exploit-db.com/exploits/39454/

www.exploit-db.com/exploits/40339/

www.kb.cert.org/vuls/id/457759

www.tenable.com/security/research/tra-2017-08