CVE-2013-4458 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc
Severity
NVD: 5.0 (MEDIUM)
OSV: 7.5
EPSS: 1.2% (top 21.05%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 12
Latest update: May 17
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P (Exploitability: 10.0 | Impact: 2.9)
Affected Packages: 5 packages
Patches
Vulnerability Details
GHSA
GHSA-jcwq-q9mq-r3fv: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo (2022-05-17)
CVEList
CVE-2013-4458: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo (2013-12-12)
OSV
CVE-2013-4458: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo (2013-12-12)
Vendor Advisories
Community
Bugzilla
CVE-2016-3706 glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458) (2016-04-27)
Bugzilla
CVE-2016-3706 glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458) [fedora-all] (2016-04-27)