CVE-2016-3075

MEDIUM

Description

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html

http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html

http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html

http://rhn.redhat.com/errata/RHSA-2016-2573.html

http://www.securityfocus.com/bid/85732

http://www.ubuntu.com/usn/USN-2985-1

https://security.gentoo.org/glsa/201702-11

https://sourceware.org/bugzilla/show_bug.cgi?id=19879

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4

Details

Source: MITRE

Published: 2016-06-01

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
125005	EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)	Nessus	Huawei Local Security Checks	high
121682	Photon OS 1.0: Glibc PHSA-2017-0013	Nessus	PhotonOS Local Security Checks	high
118432	EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344)	Nessus	Huawei Local Security Checks	high
111862	Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)	Nessus	PhotonOS Local Security Checks	high
99833	EulerOS 2.0 SP1 : glibc (EulerOS-SA-2016-1073)	Nessus	Huawei Local Security Checks	medium
97254	GLSA-201702-11 : GNU C Library: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
97022	Amazon Linux AMI : glibc (ALAS-2017-792)	Nessus	Amazon Linux Local Security Checks	medium
95840	Scientific Linux Security Update : glibc on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
95320	CentOS 7 : glibc (CESA-2016:2573)	Nessus	CentOS Local Security Checks	medium
94696	Oracle Linux 7 : glibc (ELSA-2016-2573)	Nessus	Oracle Linux Local Security Checks	medium
94536	RHEL 7 : glibc (RHSA-2016:2573)	Nessus	Red Hat Local Security Checks	medium
93309	SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)	Nessus	SuSE Local Security Checks	high
93175	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)	Nessus	SuSE Local Security Checks	high
93173	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)	Nessus	SuSE Local Security Checks	high
92146	Fedora 24 : glibc (2016-b321728d74)	Nessus	Fedora Local Security Checks	medium
91987	openSUSE Security Update : glibc (openSUSE-2016-852)	Nessus	SuSE Local Security Checks	high
91534	openSUSE Security Update : glibc (openSUSE-2016-699)	Nessus	SuSE Local Security Checks	high
91361	Debian DLA-494-1 : eglibc security update	Nessus	Debian Local Security Checks	medium
91341	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc regression (USN-2985-2)	Nessus	Ubuntu Local Security Checks	high
91334	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerabilities (USN-2985-1)	Nessus	Ubuntu Local Security Checks	high
91063	Fedora 23 : glibc-2.22-15.fc23 (2016-68abc0be35)	Nessus	Fedora Local Security Checks	high