CVE-2016-3075HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html
http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html
http://rhn.redhat.com/errata/RHSA-2016-2573.html
http://www.securityfocus.com/bid/85732
http://www.ubuntu.com/usn/USN-2985-1
https://security.gentoo.org/glsa/201702-11
https://sourceware.org/bugzilla/show_bug.cgi?id=19879
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4
Details
Source: MITRE
Published: 2016-06-01
Updated: 2018-10-30
Type: CWE-119
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.23 (inclusive)
Configuration 3
OR
Configuration 4
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125005 | EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552) | Nessus | Huawei Local Security Checks | critical |
| 121682 | Photon OS 1.0: Glibc PHSA-2017-0013 | Nessus | PhotonOS Local Security Checks | high |
| 118432 | EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344) | Nessus | Huawei Local Security Checks | critical |
| 111862 | Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 99833 | EulerOS 2.0 SP1 : glibc (EulerOS-SA-2016-1073) | Nessus | Huawei Local Security Checks | high |
| 97254 | GLSA-201702-11 : GNU C Library: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 97022 | Amazon Linux AMI : glibc (ALAS-2017-792) | Nessus | Amazon Linux Local Security Checks | high |
| 95840 | Scientific Linux Security Update : glibc on SL7.x x86_64 (20161103) | Nessus | Scientific Linux Local Security Checks | high |
| 95320 | CentOS 7 : glibc (CESA-2016:2573) | Nessus | CentOS Local Security Checks | high |
| 94696 | Oracle Linux 7 : glibc (ELSA-2016-2573) | Nessus | Oracle Linux Local Security Checks | high |
| 94536 | RHEL 7 : glibc (RHSA-2016:2573) | Nessus | Red Hat Local Security Checks | high |
| 93309 | SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1) | Nessus | SuSE Local Security Checks | high |
| 93175 | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1) | Nessus | SuSE Local Security Checks | high |
| 93173 | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1) | Nessus | SuSE Local Security Checks | high |
| 92146 | Fedora 24 : glibc (2016-b321728d74) | Nessus | Fedora Local Security Checks | high |
| 91987 | openSUSE Security Update : glibc (openSUSE-2016-852) | Nessus | SuSE Local Security Checks | critical |
| 91534 | openSUSE Security Update : glibc (openSUSE-2016-699) | Nessus | SuSE Local Security Checks | high |
| 91361 | Debian DLA-494-1 : eglibc security update | Nessus | Debian Local Security Checks | high |
| 91341 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc regression (USN-2985-2) | Nessus | Ubuntu Local Security Checks | critical |
| 91334 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerabilities (USN-2985-1) | Nessus | Ubuntu Local Security Checks | critical |
| 91063 | Fedora 23 : glibc-2.22-15.fc23 (2016-68abc0be35) | Nessus | Fedora Local Security Checks | critical |