CVE-2016-10739

medium

Description

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html

http://www.securityfocus.com/bid/106672

https://access.redhat.com/errata/RHSA-2019:2118

https://bugzilla.redhat.com/show_bug.cgi?id=1347549

https://sourceware.org/bugzilla/show_bug.cgi?id=20018

Details

Source: MITRE

Published: 2019-01-21

Updated: 2019-08-06

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Impact Score: 3.4

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.28 (inclusive)

Configuration 2

OR

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145667 | CentOS 8 : glibc (CESA-2019:3513) | Nessus | CentOS Local Security Checks | medium |
| 141991 | Amazon Linux 2 : glibc (ALAS-2020-1517) | Nessus | Amazon Linux Local Security Checks | medium |
| 140089 | Amazon Linux AMI : python34 (ALAS-2020-1429) | Nessus | Amazon Linux Local Security Checks | medium |
| 140087 | Amazon Linux AMI : python36 (ALAS-2020-1428) | Nessus | Amazon Linux Local Security Checks | medium |
| 136569 | Photon OS 2.0: Glibc PHSA-2020-2.0-0242 | Nessus | PhotonOS Local Security Checks | medium |
| 136549 | Photon OS 1.0: Glibc PHSA-2020-1.0-0293 | Nessus | PhotonOS Local Security Checks | medium |
| 135640 | EulerOS Virtualization 3.0.2.2 : glibc (EulerOS-SA-2020-1478) | Nessus | Huawei Local Security Checks | medium |
| 135517 | EulerOS 2.0 SP3 : glibc (EulerOS-SA-2020-1388) | Nessus | Huawei Local Security Checks | medium |
| 134518 | EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2020-1229) | Nessus | Huawei Local Security Checks | medium |
| 132795 | EulerOS Virtualization for ARM 64 3.0.5.0 : glibc (EulerOS-SA-2020-1041) | Nessus | Huawei Local Security Checks | high |
| 132501 | NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Vulnerability (NS-SA-2019-0237) | Nessus | NewStart CGSL Local Security Checks | medium |
| 131629 | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-2476) | Nessus | Huawei Local Security Checks | high |
| 131472 | EulerOS 2.0 SP8 : glibc (EulerOS-SA-2019-2307) | Nessus | Huawei Local Security Checks | medium |
| 131240 | Amazon Linux AMI : glibc (ALAS-2019-1320) | Nessus | Amazon Linux Local Security Checks | medium |
| 130864 | EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-2155) | Nessus | Huawei Local Security Checks | medium |
| 130546 | RHEL 8 : glibc (RHSA-2019:3513) | Nessus | Red Hat Local Security Checks | medium |
| 129895 | NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Vulnerability (NS-SA-2019-0194) | Nessus | NewStart CGSL Local Security Checks | medium |
| 128355 | CentOS 7 : glibc (CESA-2019:2118) | Nessus | CentOS Local Security Checks | medium |
| 128220 | Scientific Linux Security Update : glibc on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
| 127675 | RHEL 7 : glibc (RHSA-2019:2118) | Nessus | Red Hat Local Security Checks | medium |
| 124451 | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2019:1102-1) | Nessus | SuSE Local Security Checks | critical |
| 124216 | openSUSE Security Update : glibc (openSUSE-2019-1250) | Nessus | SuSE Local Security Checks | medium |
| 123928 | SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2019:0903-1) | Nessus | SuSE Local Security Checks | medium |