CVE-2013-7424

glibc: Invalid-free when using getaddrinfo()

Severity Score

5.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

Vulnerabilidad en la función getaddrinfo en glibc en versiones anteriores a 2.15, cuando es compilado con libidn y es utilizado el indicador AI_IDN, permite a atacantes dependientes de contexto provocar una denegación de servicio (liberación de memoria no válida) y posiblemente ejecutar código arbitrario a través de vectores no especificados, según lo demostrado en un nombre de dominio internacionalizado para ping6.

An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

*Credits: N/A

CVSS Scores

NISTv2 5.1

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-01-29 CVE Reserved
2015-02-24 CVE Published
2024-05-02 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-17: DEPRECATED: Code

CAPEC

References (8)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2015/01/29/21	Mailing List
http://www.securityfocus.com/bid/72710	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=981942	X_refsource_confirm
https://sourceware.org/bugzilla/show_bug.cgi?id=18011	X_refsource_confirm
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-1627.html	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1186614	2015-08-17
https://access.redhat.com/security/cve/CVE-2013-7424	2015-08-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Glibc Search vendor "Gnu" for product "Glibc"				<= 2.14.1 Search vendor "Gnu" for product "Glibc" and version " <= 2.14.1"		-		Affected