CVE-2016-2224Uncontrolled Resource Consumption in Uclibc

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 23.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
UclibcDebian UclibcUclibc-ng Project Uclibc-ng
Timeline
PublishedMar 24
Latest updateMay 17

Description

The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/uclibc< uclibc 1.0.20-1 (bookworm)
Debianuclibc/uclibc< 1.0.20-1+3

Patches

Patch: repo.or.czPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-f95j-r4jh-f3j8: The __decode_dotted function in libc/inet/resolv2022-05-17
OSV
CVE-2016-2224: The __decode_dotted function in libc/inet/resolv2017-03-24

📋Vendor Advisories

1
Debian
CVE-2016-2224: uclibc - The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 al...2016