CVE-2016-3706MEDIUM
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
References
http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html
http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html
http://www.securityfocus.com/bid/102073
http://www.securityfocus.com/bid/88440
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
https://source.android.com/security/bulletin/2017-12-01
https://sourceware.org/bugzilla/show_bug.cgi?id=20010
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9
Details
Source: MITRE
Published: 2016-06-10
Updated: 2020-10-29
Type: CWE-20
Risk Information
CVSS v2.0
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 149140 | EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790) | Nessus | Huawei Local Security Checks | medium |
| 137509 | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2020-1667) | Nessus | Huawei Local Security Checks | medium |
| 127183 | NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024) | Nessus | NewStart CGSL Local Security Checks | high |
| 125004 | EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551) | Nessus | Huawei Local Security Checks | critical |
| 121682 | Photon OS 1.0: Glibc PHSA-2017-0013 | Nessus | PhotonOS Local Security Checks | medium |
| 119732 | F5 Networks BIG-IP : glibc vulnerability (K06493172) | Nessus | F5 Networks Local Security Checks | medium |
| 111862 | Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 97936 | Ubuntu 12.04 LTS : eglibc regression (USN-3239-3) | Nessus | Ubuntu Local Security Checks | medium |
| 97887 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2) | Nessus | Ubuntu Local Security Checks | medium |
| 97856 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1) | Nessus | Ubuntu Local Security Checks | medium |
| 93309 | SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1) | Nessus | SuSE Local Security Checks | medium |
| 93175 | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1) | Nessus | SuSE Local Security Checks | medium |
| 93173 | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1) | Nessus | SuSE Local Security Checks | medium |
| 92146 | Fedora 24 : glibc (2016-b321728d74) | Nessus | Fedora Local Security Checks | medium |
| 92144 | Fedora 23 : glibc (2016-b0e67c88b5) | Nessus | Fedora Local Security Checks | medium |
| 91987 | openSUSE Security Update : glibc (openSUSE-2016-852) | Nessus | SuSE Local Security Checks | high |
| 91534 | openSUSE Security Update : glibc (openSUSE-2016-699) | Nessus | SuSE Local Security Checks | high |
| 91361 | Debian DLA-494-1 : eglibc security update | Nessus | Debian Local Security Checks | medium |