CVE-2017-12133 — Use After Free in Glibc

CWE-416 — Use After Free10 documents8 sources

Severity

5.9MEDIUMNVD

EPSS

0.5%

top 35.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedSep 7

Latest updateMay 13

Description

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶Debiangnu/glibc< 2.24-15+3

▶Ubuntugnu/glibc< 2.23-0ubuntu11.2+1

▶NVDgnu/glibc2.25

🔴Vulnerability Details

GHSA

GHSA-v9xh-wvfv-7mhr: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp↗2022-05-13

▶

OSV

glibc vulnerabilities↗2020-07-06

▶

OSV

CVE-2017-12133: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp↗2017-09-07

▶

CVEList

CVE-2017-12133: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp↗2017-09-07

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2020-07-06

▶

Red Hat

glibc: Use-after-free read access in clntudp_call in sunrpc↗2017-02-08

▶

Debian

CVE-2017-12133: glibc - Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c i...↗2017

▶

💬Community

Bugzilla

CVE-2017-12133 glibc: Use-after-free read access in clntudp_call in sunrpc↗2017-08-04

▶

Bugzilla

CVE-2017-12133 glibc: Use-after-free read access in clntudp_call in sunrpc [fedora-all]↗2017-08-04

▶