CVE-2013-7423
published 2015-02-24CVE-2013-7423: The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote…
medium5CVSS 3.1
AVNACLAuNCNIPAN
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | glibc | < glibc 2.19-1 (bookworm) | glibc 2.19-1 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.6 | 2.19-0ubuntu6.6 |
| gnu | glibc | < 2.20 | 2.20 |
| gnu | glibc | >= 0 < 2.19-1 | 2.19-1 |
| gnu | glibc | >= 0 < 2.19-1 | 2.19-1 |
| gnu | glibc | >= 0 < 2.19-1 | 2.19-1 |
| gnu | glibc | >= 0 < 2.19-1 | 2.19-1 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_server_aus | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM