CVE-2014-9402 — Infinite Loop in Glibc

CWE-399 CWE-835 — Infinite Loop9 documents8 sources

Severity

7.8HIGHNVD

EPSS

8.7%

top 7.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Canonical Ubuntu Linux Opensuse

Timeline

PublishedFeb 24

Latest updateMay 14

Description

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶Debiangnu/glibc< 2.19-14+3

▶NVDgnu/glibc2.20

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-9rf5-3j57-32x7: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2↗2022-05-14

▶

OSV

eglibc, glibc vulnerabilities↗2015-02-26

▶

CVEList

CVE-2014-9402: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2↗2015-02-24

▶

OSV

CVE-2014-9402: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2↗2015-02-24

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2015-02-26

▶

Red Hat

glibc: denial of service in getnetbyname function↗2014-11-20

▶

Debian

CVE-2014-9402: glibc - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2...↗2014

▶

💬Community

Bugzilla

CVE-2014-9402 glibc: denial of service in getnetbyname function↗2014-12-17

▶