Vulnerability CVE-2016-3706: Information

Description

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-3706
Published: June 10, 2016
Modified: Feb. 13, 2023
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.23-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2016-1135-1158600Fixed
glibcp102.23-alt12.32-alt5.p10.2ALT-PU-2016-1135-1158600Fixed
glibcp92.23-alt12.27-alt14ALT-PU-2016-1135-1158600Fixed
glibcp82.23-alt22.23-alt3.M80P.2ALT-PU-2016-1514-1164761Fixed
glibcc10f12.23-alt12.32-alt5.p10.2ALT-PU-2016-1135-1158600Fixed
glibcc9f22.23-alt12.27-alt14ALT-PU-2016-1135-1158600Fixed
glibcc72.17-alt5.M70C.122.17-alt5.M70C.14ALT-PU-2016-2029-1169527Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=20010
  • Issue Tracking
openSUSE-SU-2016:1527
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2016:1779
  • Mailing List
  • Third Party Advisory
88440
  • Third Party Advisory
  • VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
  • Third Party Advisory
https://source.android.com/security/bulletin/2017-12-01
  • Third Party Advisory
102073
  • Third Party Advisory
  • VDB Entry
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9

      1. Configuration 1

        cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

        Configuration 2

        cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
        End excliding
        2.23
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top