CVE-2016-2225Uncontrolled Resource Consumption in Uclibc

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
UclibcDebian UclibcUclibc-ng Project Uclibc-ng
Timeline
PublishedMar 24
Latest updateMay 17

Description

The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/uclibc< uclibc 1.0.20-1 (bookworm)
Debianuclibc/uclibc< 1.0.20-1+3

Patches

Patch: repo.or.czPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-rh88-rf49-8c8f: The __read_etc_hosts_r function in libc/inet/resolv2022-05-17
OSV
CVE-2016-2225: The __read_etc_hosts_r function in libc/inet/resolv2017-03-24

📋Vendor Advisories

1
Debian
CVE-2016-2225: uclibc - The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12...2016