CVE-2016-4429 — Out-of-bounds Write in Glibc

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow CWE-416 — Use After Free17 documents10 sources

Severity

5.9MEDIUMNVD

EPSS

2.0%

top 16.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Libtirpc Project Libtirpc Canonical Ubuntu Linux +2 more

Timeline

PublishedJun 10

Latest updateMay 13

Description

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶NVDgnu/glibc< 2.24

▶Debiangnu/glibc< 2.22-10+3

▶Debianlibtirpc_project/libtirpc< 0.2.5-1.1+3

▶Ubuntulibtirpc_project/libtirpc< 0.2.2-5ubuntu2.1+2

▶NVDopensuse/leap42.1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-9qmm-hf5x-mr4g: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp↗2022-05-13

▶

OSV

libtirpc vulnerabilities↗2018-09-05

▶

CVEList

CVE-2016-4429: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp↗2016-06-10

▶

OSV

CVE-2016-4429: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp↗2016-06-10

▶

📋Vendor Advisories

Oracle

Oracle Oracle Systems Risk Matrix: XCP Firmware (glibc) — CVE-2016-4429↗2021-07-15

▶

Ubuntu

libtirpc vulnerabilities↗2018-09-05

▶

Ubuntu

libtirpc vulnerabilities↗2018-09-05

▶

Android

CVE-2016-4429: UDP RPC↗2017-12-01

▶

Ubuntu

GNU C Library vulnerabilities↗2017-03-21

▶

💬Community

Bugzilla

CVE-2017-12133 glibc: Use-after-free read access in clntudp_call in sunrpc↗2017-08-04

▶

Bugzilla

CVE-2016-4429 glibc: stack (frame) overflow in Sun RPC clntudp_call() [fedora-all]↗2016-05-18

▶

Bugzilla

CVE-2016-4429 libtirpc: stack (frame) overflow in Sun RPC clntudp_call() [fedora-all]↗2016-05-18

▶

Bugzilla

CVE-2016-4429 glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()↗2016-05-18

▶