CVE-2017-12133
published 2017-09-07CVE-2017-12133: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to…
medium5.9CVSS 3.0
AVNACHPRNUINSUCNIHAN
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.24-15 (bookworm) | glibc 2.24-15 (bookworm) |
| gnu | glibc | <= 2.25 | — |
| gnu | glibc | >= 0 < 2.24-15 | 2.24-15 |
| gnu | glibc | >= 0 < 2.24-15 | 2.24-15 |
| gnu | glibc | >= 0 < 2.24-15 | 2.24-15 |
| gnu | glibc | >= 0 < 2.24-15 | 2.24-15 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.2 | 2.23-0ubuntu11.2 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.2 | 2.27-3ubuntu1.2 |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.9MEDIUM