Vulnerability-Lookup

CVE-2013-1914 (GCVE-0-2013-1914)

Vulnerability from cvelistv5 – Published: 2013-04-29 22:00 – Updated: 2024-08-06 15:20

Summary

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-1605.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/55113	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2013/04/03/2	mailing-listx_refsource_MLIST
	http://www.ubuntu.com/usn/USN-1991-1	vendor-advisoryx_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=947882	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/58839	vdb-entryx_refsource_BID
	http://sourceware.org/bugzilla/show_bug.cgi?id=15330	x_refsource_CONFIRM
	http://sourceware.org/git/?p=glibc.git%3Ba=commit…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2013/04/03/8	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2013/04/05/1	mailing-listx_refsource_MLIST
	https://security.gentoo.org/glsa/201503-04	vendor-advisoryx_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/52817	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2013-0769.html	vendor-advisoryx_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://bugzilla.novell.com/show_bug.cgi?id=813121	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Sep/0	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/164014/Moxa-…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
          },
          {
            "name": "RHSA-2013:1605",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
          },
          {
            "name": "55113",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55113"
          },
          {
            "name": "[oss-security] 20130403 CVE Request: glibc getaddrinfo() stack overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2"
          },
          {
            "name": "USN-1991-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1991-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882"
          },
          {
            "name": "MDVSA-2013:284",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
          },
          {
            "name": "58839",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58839"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7"
          },
          {
            "name": "[oss-security] 20130403 Re: CVE Request: glibc getaddrinfo() stack overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8"
          },
          {
            "name": "[oss-security] 20130405 Re: CVE Request: glibc getaddrinfo() stack overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1"
          },
          {
            "name": "GLSA-201503-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-04"
          },
          {
            "name": "MDVSA-2013:283",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
          },
          {
            "name": "52817",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52817"
          },
          {
            "name": "RHSA-2013:0769",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"
          },
          {
            "name": "MDVSA-2013:163",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121"
          },
          {
            "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-01T17:06:29.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
        },
        {
          "name": "RHSA-2013:1605",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
        },
        {
          "name": "55113",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55113"
        },
        {
          "name": "[oss-security] 20130403 CVE Request: glibc getaddrinfo() stack overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2"
        },
        {
          "name": "USN-1991-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1991-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882"
        },
        {
          "name": "MDVSA-2013:284",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
        },
        {
          "name": "58839",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58839"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7"
        },
        {
          "name": "[oss-security] 20130403 Re: CVE Request: glibc getaddrinfo() stack overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8"
        },
        {
          "name": "[oss-security] 20130405 Re: CVE Request: glibc getaddrinfo() stack overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1"
        },
        {
          "name": "GLSA-201503-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201503-04"
        },
        {
          "name": "MDVSA-2013:283",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
        },
        {
          "name": "52817",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52817"
        },
        {
          "name": "RHSA-2013:0769",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"
        },
        {
          "name": "MDVSA-2013:163",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121"
        },
        {
          "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1914",
    "datePublished": "2013-04-29T22:00:00.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:20:37.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2013-1914

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-1914

Aliases

CVE-2013-1914

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1914",
    "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.",
    "id": "GSD-2013-1914",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-1914.html",
      "https://access.redhat.com/errata/RHSA-2013:1605",
      "https://access.redhat.com/errata/RHSA-2013:0769",
      "https://alas.aws.amazon.com/cve/html/CVE-2013-1914.html",
      "https://linux.oracle.com/cve/CVE-2013-1914.html",
      "https://packetstormsecurity.com/files/cve/CVE-2013-1914"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1914"
      ],
      "details": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.",
      "id": "GSD-2013-1914",
      "modified": "2023-12-13T01:22:20.802283Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-1914",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.gentoo.org/glsa/201503-04",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/201503-04"
          },
          {
            "name": "http://secunia.com/advisories/55113",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55113"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1991-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1991-1"
          },
          {
            "name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-0769.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-1605.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2021/Sep/0",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
          },
          {
            "name": "http://secunia.com/advisories/52817",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/52817"
          },
          {
            "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330",
            "refsource": "MISC",
            "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330"
          },
          {
            "name": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7",
            "refsource": "MISC",
            "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/04/03/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/04/03/8",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/04/05/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1"
          },
          {
            "name": "http://www.securityfocus.com/bid/58839",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/58839"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
          },
          {
            "name": "https://bugzilla.novell.com/show_bug.cgi?id=813121",
            "refsource": "MISC",
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=947882",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1914"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "52817",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/52817"
            },
            {
              "name": "[oss-security] 20130403 Re: CVE Request: glibc getaddrinfo() stack overflow",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8"
            },
            {
              "name": "[oss-security] 20130403 CVE Request: glibc getaddrinfo() stack overflow",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2"
            },
            {
              "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330"
            },
            {
              "name": "RHSA-2013:0769",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=813121",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=947882",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882"
            },
            {
              "name": "[oss-security] 20130405 Re: CVE Request: glibc getaddrinfo() stack overflow",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1"
            },
            {
              "name": "MDVSA-2013:163",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"
            },
            {
              "name": "55113",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/55113"
            },
            {
              "name": "USN-1991-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1991-1"
            },
            {
              "name": "MDVSA-2013:283",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
            },
            {
              "name": "MDVSA-2013:284",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
            },
            {
              "name": "RHSA-2013:1605",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
            },
            {
              "name": "58839",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/58839"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
            },
            {
              "name": "GLSA-201503-04",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201503-04"
            },
            {
              "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
            },
            {
              "name": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7",
              "refsource": "MISC",
              "tags": [],
              "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T04:41Z",
      "publishedDate": "2013-04-29T22:55Z"
    }
  }
}

GHSA-GCW3-7J9C-37J4

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-04-29T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.",
  "id": "GHSA-gcw3-7j9c-37j4",
  "modified": "2022-05-13T01:06:55Z",
  "published": "2022-05-13T01:06:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1914"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201503-04"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/52817"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/55113"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7"
    },
    {
      "type": "WEB",
      "url": "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/58839"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1991-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-1914

Vulnerability from fkie_nvd - Published: 2013-04-29 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0769.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-1605.html
secalert@redhat.com	http://seclists.org/fulldisclosure/2021/Sep/0
secalert@redhat.com	http://secunia.com/advisories/52817	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/55113
secalert@redhat.com	http://sourceware.org/bugzilla/show_bug.cgi?id=15330
secalert@redhat.com	http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:163
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/04/03/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/04/03/8
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/04/05/1
secalert@redhat.com	http://www.securityfocus.com/bid/58839
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1991-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2014-0008.html
secalert@redhat.com	https://bugzilla.novell.com/show_bug.cgi?id=813121
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=947882
secalert@redhat.com	https://security.gentoo.org/glsa/201503-04
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0769.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1605.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Sep/0
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/52817	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55113
af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/bugzilla/show_bug.cgi?id=15330
af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:163
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/04/03/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/04/03/8
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/04/05/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/58839
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1991-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2014-0008.html
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.novell.com/show_bug.cgi?id=813121
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=947882
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201503-04

Impacted products

Vendor	Product	Version
gnu	glibc	*
gnu	glibc	2.0.1
gnu	glibc	2.0.6
gnu	glibc	2.2
gnu	glibc	2.2.1
gnu	glibc	2.2.2
gnu	glibc	2.2.3
gnu	glibc	2.2.4
gnu	glibc	2.2.5
gnu	glibc	2.3
gnu	glibc	2.3.1
gnu	glibc	2.3.2
gnu	glibc	2.3.3
gnu	glibc	2.3.4
gnu	glibc	2.3.5
gnu	glibc	2.3.6
gnu	glibc	2.4
gnu	glibc	2.5
gnu	glibc	2.5.1
gnu	glibc	2.6
gnu	glibc	2.6.1
gnu	glibc	2.7
gnu	glibc	2.8
gnu	glibc	2.9
gnu	glibc	2.10.1
gnu	glibc	2.11
gnu	glibc	2.11.1
gnu	glibc	2.11.2
gnu	glibc	2.11.3
gnu	glibc	2.12.1
gnu	glibc	2.12.2
gnu	glibc	2.13
gnu	glibc	2.14
gnu	glibc	2.14.1
gnu	glibc	2.15
gnu	glibc	2.16

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EA2A91-4CBF-4AF4-9776-BF9EFDA67CDF",
              "versionEndIncluding": "2.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F23D2F-A01F-4949-A917-D1164E14EAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64576C9A-FCD9-4410-B590-AB43F9F85D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "229AC4E3-AFBA-4EF4-8534-8FBE1E630253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B91503A-E8DC-4DFF-98D4-687B5AE41438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "241A4B59-7BBC-4656-93AC-7DD8BE29EB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D0DBDC-1559-406D-AADC-12B5ABDD2BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5294FCC-3933-4CD5-8DFE-BCDC00F4BD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5CA3E33-7CC6-4AC5-999A-3C46D7FD14A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAADC158-B7EF-4135-B383-0DA43065B43E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "261A4A17-3B9E-46E6-897B-DB0C8358A1D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAC8483-5060-428B-8D8E-C30E5823BB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A511B6-72EC-4200-8C1C-BDE30BC2431A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03C644D-0EF9-4586-96D5-5DEE78D9D5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AD17CD-545F-425A-92CF-0EE5F5B5F74E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0B9503-9AD0-4A1A-BD4F-4B902BFC8E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0660536D-7F82-4B91-8B84-704D26FE989F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037E8C-43E8-4121-B877-1834282ACD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFCA5E85-9AFA-429A-AC51-8D8EC2841330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D41ABE25-DECD-4068-93DA-0B85281FD93A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "84600406-0CE2-46EA-A5AD-4CC0D3494AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96FA9ED-7529-440D-984D-6340B94D8243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37880948-2AB5-491A-85E2-B7E271E03B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD5D113-EF53-4690-92AC-B6E54D70AA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92B1C39D-1183-4FAE-85C2-D1DC7AA6F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "733A1711-D2FC-45C6-9542-893860851F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4CFA8E-9892-4DDA-9DB2-581711E974A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un (1) nombre de host o (2) una direcci\u00f3n IP que desencadenan un gran n\u00famero de resultados en la conversi\u00f3n de dominio."
    }
  ],
  "id": "CVE-2013-1914",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-29T22:55:01.057",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52817"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55113"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/58839"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1991-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201503-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/58839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1991-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201503-04"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2014-AVI-382

Vulnerability from certfr_avis - Published: 2014-09-11 - Updated: 2014-09-11

De multiples vulnérabilités ont été corrigées dans VMware vSphere. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	vCenter Server	VMware vCenter Server 5.5 inférieure à Update 2
VMware	ESXi	VMware ESXi 5.5 sans le correctif ESXi550-201409101-SG
VMware	N/A	VMware vCenter Update Manager 5.5 inférieure à Update 2

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-1914 (GCVE-0-2013-1914)

GSD-2013-1914

GHSA-GCW3-7J9C-37J4

FKIE_CVE-2013-1914

CERTFR-2014-AVI-382

Solution

Tags

Sightings

Nomenclature