CVE-2013-1914

glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un (1) nombre de host o (2) una dirección IP que desencadenan un gran número de resultados en la conversión de dominio.

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.

It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-04-29 CVE Published
2021-09-01 First Exploit
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (22)

URL	Tag	Source
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html	X_refsource_misc
http://seclists.org/fulldisclosure/2021/Sep/0	Mailing List
http://secunia.com/advisories/55113	Third Party Advisory
http://sourceware.org/bugzilla/show_bug.cgi?id=15330	X_refsource_confirm
http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2013/04/03/2	Mailing List
http://www.openwall.com/lists/oss-security/2013/04/03/8	Mailing List
http://www.openwall.com/lists/oss-security/2013/04/05/1	Mailing List
http://www.securityfocus.com/bid/58839	Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2014-0008.html	X_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=813121	X_refsource_misc

URL	Date	SRC
https://packetstorm.news/files/id/164014	2021-09-01

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2013-0769.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2013-1605.html	2023-02-13
http://secunia.com/advisories/52817	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2013:163	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284	2023-02-13
http://www.ubuntu.com/usn/USN-1991-1	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=947882	2013-11-20
https://security.gentoo.org/glsa/201503-04	2023-02-13
https://access.redhat.com/security/cve/CVE-2013-1914	2013-11-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				<= 2.17 Search vendor "Gnu" for product "Glibc" and version " <= 2.17"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.0.1 Search vendor "Gnu" for product "Glibc" and version "2.0.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.0.6 Search vendor "Gnu" for product "Glibc" and version "2.0.6"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.2 Search vendor "Gnu" for product "Glibc" and version "2.2"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.2.1 Search vendor "Gnu" for product "Glibc" and version "2.2.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.2.2 Search vendor "Gnu" for product "Glibc" and version "2.2.2"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.2.3 Search vendor "Gnu" for product "Glibc" and version "2.2.3"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.2.4 Search vendor "Gnu" for product "Glibc" and version "2.2.4"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.2.5 Search vendor "Gnu" for product "Glibc" and version "2.2.5"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.3 Search vendor "Gnu" for product "Glibc" and version "2.3"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.3.1 Search vendor "Gnu" for product "Glibc" and version "2.3.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.3.2 Search vendor "Gnu" for product "Glibc" and version "2.3.2"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.3.3 Search vendor "Gnu" for product "Glibc" and version "2.3.3"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.3.4 Search vendor "Gnu" for product "Glibc" and version "2.3.4"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.3.5 Search vendor "Gnu" for product "Glibc" and version "2.3.5"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.3.6 Search vendor "Gnu" for product "Glibc" and version "2.3.6"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.4 Search vendor "Gnu" for product "Glibc" and version "2.4"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.5 Search vendor "Gnu" for product "Glibc" and version "2.5"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.5.1 Search vendor "Gnu" for product "Glibc" and version "2.5.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.6 Search vendor "Gnu" for product "Glibc" and version "2.6"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.6.1 Search vendor "Gnu" for product "Glibc" and version "2.6.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.7 Search vendor "Gnu" for product "Glibc" and version "2.7"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.8 Search vendor "Gnu" for product "Glibc" and version "2.8"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.9 Search vendor "Gnu" for product "Glibc" and version "2.9"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.10.1 Search vendor "Gnu" for product "Glibc" and version "2.10.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.11 Search vendor "Gnu" for product "Glibc" and version "2.11"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.11.1 Search vendor "Gnu" for product "Glibc" and version "2.11.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.11.2 Search vendor "Gnu" for product "Glibc" and version "2.11.2"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.11.3 Search vendor "Gnu" for product "Glibc" and version "2.11.3"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.12.1 Search vendor "Gnu" for product "Glibc" and version "2.12.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.12.2 Search vendor "Gnu" for product "Glibc" and version "2.12.2"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.13 Search vendor "Gnu" for product "Glibc" and version "2.13"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.14 Search vendor "Gnu" for product "Glibc" and version "2.14"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.14.1 Search vendor "Gnu" for product "Glibc" and version "2.14.1"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.15 Search vendor "Gnu" for product "Glibc" and version "2.15"		-		Affected
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				2.16 Search vendor "Gnu" for product "Glibc" and version "2.16"		-		Affected