CVE-2016-3075: Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent…

high7.5CVSS 3.0

AVNACLPRNUINSUCNINAH

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	glibc	< glibc 2.22-6 (bookworm)	glibc 2.22-6 (bookworm)
eglibc	eglibc	>= 0 < 2.19-0ubuntu6.8	2.19-0ubuntu6.8
eglibc	eglibc	>= 0 < 2.19-0ubuntu6.9	2.19-0ubuntu6.9
fedoraproject	fedora	—	—
gnu	glibc	<= 2.23	—
gnu	glibc	>= 0 < 2.22-6	2.22-6
gnu	glibc	>= 0 < 2.22-6	2.22-6
gnu	glibc	>= 0 < 2.22-6	2.22-6
gnu	glibc	>= 0 < 2.22-6	2.22-6
opensuse	opensuse	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.5HIGH