CVE-2014-9402
published 2015-02-24CVE-2014-9402: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled…
high7.8CVSS 3.1
AVNACLAuNCNINAC
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | glibc | < glibc 2.19-14 (bookworm) | glibc 2.19-14 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.6 | 2.19-0ubuntu6.6 |
| gnu | glibc | <= 2.20 | — |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvd7.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH