Wind River Support Network

HomeDefectsLIN6-5334

Fixed

LIN6-5334 : Security Advisory - glibc - CVE-2013-4458

Created: Dec 17, 2013 Updated: Dec 3, 2018

Resolved Date: Oct 14, 2014

Previous ID: LIN3-16429

Found In Version: 6.0

Fix Version: 6.0.0.13

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Toolchain

Description

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4458

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads

binary-toolchain-4.8-39
binary-toolchain-4.8-40
binary-toolchain-4.8-42
binary-toolchain-4.8-43
binary-toolchain-4.8-44
binary-toolchain-4.8-45
binary-toolchain-4.8-47
Wind River Linux 6.0.0.29
Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38