CVE-2013-7424 — Glibc vulnerability

CWE-178 documents7 sources

Severity

5.1MEDIUMNVD

EPSS

0.8%

top 25.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedAug 26

Latest updateMay 17

Description

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶Debiangnu/glibc< 2.15-1+3

▶NVDgnu/glibc2.14.1

🔴Vulnerability Details

GHSA

GHSA-cf2r-3fcj-q45r: The getaddrinfo function in glibc before 2↗2022-05-17

▶

CVEList

CVE-2013-7424: The getaddrinfo function in glibc before 2↗2015-08-26

▶

OSV

CVE-2013-7424: The getaddrinfo function in glibc before 2↗2015-08-26

▶

📋Vendor Advisories

Red Hat

glibc: Invalid-free when using getaddrinfo()↗2015-01-27

▶

Debian

CVE-2013-7424: glibc - The getaddrinfo function in glibc before 2.15, when compiled with libidn and the...↗2013

▶

💬Community

Bugzilla

CVE-2013-7424 glibc: Invalid-free when using getaddrinfo()↗2015-01-28

▶

Bugzilla

CVE-2013-7424 glibc: ping6 with idn causes crash↗2013-07-07

▶