CVE-2016-3075

MEDIUM

Description

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html

http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html

http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html

http://rhn.redhat.com/errata/RHSA-2016-2573.html

http://www.securityfocus.com/bid/85732

http://www.ubuntu.com/usn/USN-2985-1

https://security.gentoo.org/glsa/201702-11

https://sourceware.org/bugzilla/show_bug.cgi?id=19879

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4

Details

Source: MITRE

Published: 2016-06-01

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.23 (inclusive)

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
125005EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)NessusHuawei Local Security Checks
high
121682Photon OS 1.0: Glibc PHSA-2017-0013NessusPhotonOS Local Security Checks
medium
118432EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344)NessusHuawei Local Security Checks
high
111862Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)NessusPhotonOS Local Security Checks
high
99833EulerOS 2.0 SP1 : glibc (EulerOS-SA-2016-1073)NessusHuawei Local Security Checks
medium
97254GLSA-201702-11 : GNU C Library: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
97022Amazon Linux AMI : glibc (ALAS-2017-792)NessusAmazon Linux Local Security Checks
medium
95840Scientific Linux Security Update : glibc on SL7.x x86_64 (20161103)NessusScientific Linux Local Security Checks
medium
95320CentOS 7 : glibc (CESA-2016:2573)NessusCentOS Local Security Checks
medium
94696Oracle Linux 7 : glibc (ELSA-2016-2573)NessusOracle Linux Local Security Checks
medium
94536RHEL 7 : glibc (RHSA-2016:2573)NessusRed Hat Local Security Checks
medium
93309SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)NessusSuSE Local Security Checks
medium
93175SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)NessusSuSE Local Security Checks
medium
93173SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)NessusSuSE Local Security Checks
medium
92146Fedora 24 : glibc (2016-b321728d74)NessusFedora Local Security Checks
medium
91987openSUSE Security Update : glibc (openSUSE-2016-852)NessusSuSE Local Security Checks
high
91534openSUSE Security Update : glibc (openSUSE-2016-699)NessusSuSE Local Security Checks
high
91361Debian DLA-494-1 : eglibc security updateNessusDebian Local Security Checks
medium
91341Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc regression (USN-2985-2)NessusUbuntu Local Security Checks
high
91334Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerabilities (USN-2985-1)NessusUbuntu Local Security Checks
high
91063Fedora 23 : glibc-2.22-15.fc23 (2016-68abc0be35)NessusFedora Local Security Checks
high