CVE-2018-19591

high

Description

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

References

http://www.securityfocus.com/bid/106037

http://www.securitytracker.com/id/1042174

https://lists.fedoraproject.org/archives/list/[email protected]/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/

https://lists.fedoraproject.org/archives/list/[email protected]/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/

https://security.gentoo.org/glsa/201903-09

https://security.gentoo.org/glsa/201908-06

https://security.netapp.com/advisory/ntap-20190321-0003/

https://sourceware.org/bugzilla/show_bug.cgi?id=23927

https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD

https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408

https://usn.ubuntu.com/4416-1/

Details

Source: MITRE

Published: 2018-12-04

Updated: 2020-07-09

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 147282 | NewStart CGSL MAIN 6.02 : glibc Multiple Vulnerabilities (NS-SA-2021-0053) | Nessus | NewStart CGSL Local Security Checks | high |
| 138166 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : GNU C Library vulnerabilities (USN-4416-1) | Nessus | Ubuntu Local Security Checks | critical |
| 133298 | Photon OS 1.0: Glibc PHSA-2019-1.0-0209 | Nessus | PhotonOS Local Security Checks | high |
| 127955 | GLSA-201908-06 : glibc: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 122915 | Photon OS 2.0: Glibc PHSA-2019-2.0-0134 | Nessus | PhotonOS Local Security Checks | critical |
| 122831 | GLSA-201903-09 : GNU C Library: Arbitrary descriptor allocation | Nessus | Gentoo Local Security Checks | high |
| 121049 | Amazon Linux 2 : glibc (ALAS-2019-1140) | Nessus | Amazon Linux Local Security Checks | high |
| 120918 | Fedora 29 : glibc (2018-f6b7df660d) | Nessus | Fedora Local Security Checks | high |
| 120212 | Fedora 28 : glibc (2018-060302dc83) | Nessus | Fedora Local Security Checks | high |