CVE-2013-1914
glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un (1) nombre de host o (2) una dirección IP que desencadenan un gran número de resultados en la conversión de dominio.
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-04-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2021/Sep/0 | Mailing List |
|
| http://secunia.com/advisories/55113 | Third Party Advisory | |
| http://sourceware.org/bugzilla/show_bug.cgi?id=15330 | X_refsource_confirm | |
| http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2013/04/03/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2013/04/03/8 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2013/04/05/1 | Mailing List |
|
| http://www.securityfocus.com/bid/58839 | Vdb Entry | |
| http://www.vmware.com/security/advisories/VMSA-2014-0008.html | X_refsource_confirm | |
| https://bugzilla.novell.com/show_bug.cgi?id=813121 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0769.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-1605.html | 2023-02-13 | |
| http://secunia.com/advisories/52817 | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:163 | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1991-1 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=947882 | 2013-11-20 | |
| https://security.gentoo.org/glsa/201503-04 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2013-1914 | 2013-11-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.17 Search vendor "Gnu" for product "Glibc" and version " <= 2.17" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.1 Search vendor "Gnu" for product "Glibc" and version "2.0.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.0.6 Search vendor "Gnu" for product "Glibc" and version "2.0.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2 Search vendor "Gnu" for product "Glibc" and version "2.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.1 Search vendor "Gnu" for product "Glibc" and version "2.2.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.2 Search vendor "Gnu" for product "Glibc" and version "2.2.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.3 Search vendor "Gnu" for product "Glibc" and version "2.2.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.4 Search vendor "Gnu" for product "Glibc" and version "2.2.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.2.5 Search vendor "Gnu" for product "Glibc" and version "2.2.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3 Search vendor "Gnu" for product "Glibc" and version "2.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.1 Search vendor "Gnu" for product "Glibc" and version "2.3.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.2 Search vendor "Gnu" for product "Glibc" and version "2.3.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.3 Search vendor "Gnu" for product "Glibc" and version "2.3.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.4 Search vendor "Gnu" for product "Glibc" and version "2.3.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.5 Search vendor "Gnu" for product "Glibc" and version "2.3.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.3.6 Search vendor "Gnu" for product "Glibc" and version "2.3.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.4 Search vendor "Gnu" for product "Glibc" and version "2.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.5 Search vendor "Gnu" for product "Glibc" and version "2.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.5.1 Search vendor "Gnu" for product "Glibc" and version "2.5.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.6 Search vendor "Gnu" for product "Glibc" and version "2.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.6.1 Search vendor "Gnu" for product "Glibc" and version "2.6.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.7 Search vendor "Gnu" for product "Glibc" and version "2.7" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.8 Search vendor "Gnu" for product "Glibc" and version "2.8" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.9 Search vendor "Gnu" for product "Glibc" and version "2.9" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.10.1 Search vendor "Gnu" for product "Glibc" and version "2.10.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11 Search vendor "Gnu" for product "Glibc" and version "2.11" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.1 Search vendor "Gnu" for product "Glibc" and version "2.11.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.2 Search vendor "Gnu" for product "Glibc" and version "2.11.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.11.3 Search vendor "Gnu" for product "Glibc" and version "2.11.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.12.1 Search vendor "Gnu" for product "Glibc" and version "2.12.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.12.2 Search vendor "Gnu" for product "Glibc" and version "2.12.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.13 Search vendor "Gnu" for product "Glibc" and version "2.13" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.14 Search vendor "Gnu" for product "Glibc" and version "2.14" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.14.1 Search vendor "Gnu" for product "Glibc" and version "2.14.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.15 Search vendor "Gnu" for product "Glibc" and version "2.15" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | 2.16 Search vendor "Gnu" for product "Glibc" and version "2.16" | - |
Affected
| ||||||