// For flags

CVE-2013-4458

glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c de GNU C Library (también conocido como glibc o libc6) 2.18 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (caída) a través de (1) un nombre de host o (2) dirección IP que desencadena un gran número de resultados de dirección AF_INET6. NOTA: esta vulnerabilidad existe por un parche incompleto para CVE-2013-1914.

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-06-12 CVE Reserved
  • 2013-11-25 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-08-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-121: Stack-based Buffer Overflow
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
<= 2.18
Search vendor "Gnu" for product "Glibc" and version " <= 2.18"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.0
Search vendor "Gnu" for product "Glibc" and version "2.0"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.0.1
Search vendor "Gnu" for product "Glibc" and version "2.0.1"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.0.2
Search vendor "Gnu" for product "Glibc" and version "2.0.2"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.0.3
Search vendor "Gnu" for product "Glibc" and version "2.0.3"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.0.4
Search vendor "Gnu" for product "Glibc" and version "2.0.4"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.0.5
Search vendor "Gnu" for product "Glibc" and version "2.0.5"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.0.6
Search vendor "Gnu" for product "Glibc" and version "2.0.6"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.1
Search vendor "Gnu" for product "Glibc" and version "2.1"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.1.1
Search vendor "Gnu" for product "Glibc" and version "2.1.1"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.1.1.6
Search vendor "Gnu" for product "Glibc" and version "2.1.1.6"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.1.2
Search vendor "Gnu" for product "Glibc" and version "2.1.2"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.1.3
Search vendor "Gnu" for product "Glibc" and version "2.1.3"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.1.9
Search vendor "Gnu" for product "Glibc" and version "2.1.9"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.10.1
Search vendor "Gnu" for product "Glibc" and version "2.10.1"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.11
Search vendor "Gnu" for product "Glibc" and version "2.11"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.11.1
Search vendor "Gnu" for product "Glibc" and version "2.11.1"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.11.2
Search vendor "Gnu" for product "Glibc" and version "2.11.2"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.11.3
Search vendor "Gnu" for product "Glibc" and version "2.11.3"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.12.1
Search vendor "Gnu" for product "Glibc" and version "2.12.1"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.12.2
Search vendor "Gnu" for product "Glibc" and version "2.12.2"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.13
Search vendor "Gnu" for product "Glibc" and version "2.13"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.14
Search vendor "Gnu" for product "Glibc" and version "2.14"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.14.1
Search vendor "Gnu" for product "Glibc" and version "2.14.1"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.15
Search vendor "Gnu" for product "Glibc" and version "2.15"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.16
Search vendor "Gnu" for product "Glibc" and version "2.16"
-
Affected
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
2.17
Search vendor "Gnu" for product "Glibc" and version "2.17"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Debuginfo
Search vendor "Suse" for product "Linux Enterprise Debuginfo"
11
Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11"
sp2
Affected
Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
sp2, ltss
Affected