ALT-PU-2018-2753-1
Closed vulnerabilities
Published: 2018-04-12
BDU:2019-00571
Уязвимость функции getaddrinfo библиотеки libc6, позволяющая нарушителю вызвать исчерпание оперативной памяти в целевой системе
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-12-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-19591
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- 106037
- 106037
- 1042174
- 1042174
- FEDORA-2018-f6b7df660d
- FEDORA-2018-f6b7df660d
- FEDORA-2018-060302dc83
- FEDORA-2018-060302dc83
- GLSA-201903-09
- GLSA-201903-09
- GLSA-201908-06
- GLSA-201908-06
- https://security.netapp.com/advisory/ntap-20190321-0003/
- https://security.netapp.com/advisory/ntap-20190321-0003/
- https://sourceware.org/bugzilla/show_bug.cgi?id=23927
- https://sourceware.org/bugzilla/show_bug.cgi?id=23927
- https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
- https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
- USN-4416-1
- USN-4416-1