Vulnerability CVE-2016-3075: Information

Description

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-3075
Published: June 1, 2016
Modified: Nov. 7, 2023
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.23-alt22.38.0.76.e9f05fa1c6-alt1ALT-PU-2016-1480-1164298Fixed
glibcp102.23-alt22.32-alt5.p10.2ALT-PU-2016-1480-1164298Fixed
glibcp92.23-alt22.27-alt14ALT-PU-2016-1480-1164298Fixed
glibcp82.23-alt22.23-alt3.M80P.2ALT-PU-2016-1514-1164761Fixed
glibcc10f12.23-alt22.32-alt5.p10.2ALT-PU-2016-1480-1164298Fixed
glibcc9f22.23-alt22.27-alt14ALT-PU-2016-1480-1164298Fixed
glibcc72.17-alt5.M70C.122.17-alt5.M70C.14ALT-PU-2016-2029-1169527Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
USN-2985-1
    https://sourceware.org/bugzilla/show_bug.cgi?id=19879
      FEDORA-2016-68abc0be35
        openSUSE-SU-2016:1527
          85732
            openSUSE-SU-2016:1779
              GLSA-201702-11
                RHSA-2016:2573
                  https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=317b199b4aff8cfa27f2302ab404d2bb5032b9a4

                      1. Configuration 1

                        cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

                        Configuration 2

                        cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
                        End including
                        2.23

                        Configuration 3

                        cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

                        Configuration 4

                        cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
                        cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
                        cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.4.2
                    Back to top