CVE-2013-1914

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Buffer Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2009-5029, CVE-2010-4756, CVE-2011-1089, CVE-2011-5320, CVE-2012-0864, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2013-0242, CVE-2013-4237, CVE-2013-4322, CVE-2013-4332, CVE-2013-4357, CVE-2013-4458, CVE-2013-4590, CVE-2013-4788, CVE-2013-7423, CVE-2013-7424, CVE-2014-0050, CVE-2014-0114, CVE-2014-4043, CVE-2015-1472, CVE-2015-1473

Published on 30/04/13 - Updated on 01/07/17

Description

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2013-1914
Amazon Linux ALAS-2013-270
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-382
CentOS CESA-2013:0769, CESA-2013:1605
Debian LTSDLA-165-1
Oracle Linux ELSA-2013-0769, ELSA-2013-1605
Redhat RHSA-2013:0769, RHSA-2013:1605
Renater 2014/VULN187
SUSE SUSE-SU-2013:0858, SUSE-SU-2013:1251, SUSE-SU-2013:1287, SUSE-SU-2013:1852, SUSE-SU-2013:1854
Ubuntu USN-1991-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
gnuglibc

Share this vulnerability with:

Twitter Facebook LinkedIn Mail