Vulnerability-Lookup

CVE-2016-3706 (GCVE-0-2016-3706)

Vulnerability from cvelistv5 – Published: 2016-06-10 15:00 – Updated: 2024-08-06 00:03

Summary

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	https://sourceware.org/git/gitweb.cgi?p=glibc.git…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/88440	vdb-entryx_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	https://sourceware.org/bugzilla/show_bug.cgi?id=20010	x_refsource_CONFIRM
	https://source.android.com/security/bulletin/2017-12-01	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/102073	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:1779",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
          },
          {
            "name": "88440",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/88440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-12-01"
          },
          {
            "name": "openSUSE-SU-2016:1527",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
          },
          {
            "name": "102073",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102073"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-07T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:1779",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
        },
        {
          "name": "88440",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/88440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2017-12-01"
        },
        {
          "name": "openSUSE-SU-2016:1527",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
        },
        {
          "name": "102073",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102073"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-3706",
    "datePublished": "2016-06-10T15:00:00.000Z",
    "dateReserved": "2016-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:03:34.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2016-AVI-273

Vulnerability from certfr_avis - Published: 2016-08-11 - Updated: 2016-08-11

De multiples vulnérabilités ont été corrigées dans la bibliothèque GNU C (glibc). Elles permettent à un attaquant de provoquer un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Bibliothèque GNU C en version antérieure à 2.24

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce GNU du 04 août 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eBiblioth\u00e8que GNU C en version ant\u00e9rieure \u00e0 2.24\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1234"
    },
    {
      "name": "CVE-2016-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3075"
    },
    {
      "name": "CVE-2016-5417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5417"
    },
    {
      "name": "CVE-2016-3706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3706"
    },
    {
      "name": "CVE-2016-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4429"
    }
  ],
  "initial_release_date": "2016-08-11T00:00:00",
  "last_revision_date": "2016-08-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-273",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ela biblioth\u00e8que GNU C (glibc)\u003c/span\u003e. Elles permettent \u00e0\nun attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de\nservice.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans la biblioth\u00e8que GNU C (glibc)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce GNU du 04 ao\u00fbt 2016",
      "url": "https://www.sourceware.org/ml/libc-alpha/2016-08/msg00212.html"
    }
  ]
}

CERTFR-2017-AVI-449

Vulnerability from certfr_avis - Published: 2017-12-05 - Updated: 2017-12-05

De multiples vulnérabilités ont été découvertes dans Google Android . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Google Android toutes versions n'intégrant pas le correctif de sécurité du 04 décembre 2017

References

Title

Publication Time

Tags

Bulletin de sécurité Pixel/Nexus du 04 décembre 2017	None	vendor-advisory
Bulletin de sécurité Android du 04 décembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 04 d\u00e9cembre 2017",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-0878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0878"
    },
    {
      "name": "CVE-2017-14907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14907"
    },
    {
      "name": "CVE-2017-9710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9710"
    },
    {
      "name": "CVE-2017-9722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9722"
    },
    {
      "name": "CVE-2017-9698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9698"
    },
    {
      "name": "CVE-2017-11044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11044"
    },
    {
      "name": "CVE-2017-13170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13170"
    },
    {
      "name": "CVE-2017-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14899"
    },
    {
      "name": "CVE-2017-13158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13158"
    },
    {
      "name": "CVE-2017-14904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14904"
    },
    {
      "name": "CVE-2017-6211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6211"
    },
    {
      "name": "CVE-2017-14897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14897"
    },
    {
      "name": "CVE-2017-14902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14902"
    },
    {
      "name": "CVE-2017-14914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14914"
    },
    {
      "name": "CVE-2017-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0564"
    },
    {
      "name": "CVE-2017-9700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9700"
    },
    {
      "name": "CVE-2017-11019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11019"
    },
    {
      "name": "CVE-2017-14896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14896"
    },
    {
      "name": "CVE-2017-11005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11005"
    },
    {
      "name": "CVE-2017-15813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15813"
    },
    {
      "name": "CVE-2017-0877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0877"
    },
    {
      "name": "CVE-2017-0873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0873"
    },
    {
      "name": "CVE-2017-11016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11016"
    },
    {
      "name": "CVE-2017-11033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11033"
    },
    {
      "name": "CVE-2017-9708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9708"
    },
    {
      "name": "CVE-2017-13152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13152"
    },
    {
      "name": "CVE-2017-13169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13169"
    },
    {
      "name": "CVE-2017-14903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14903"
    },
    {
      "name": "CVE-2017-14908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14908"
    },
    {
      "name": "CVE-2017-13156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13156"
    },
    {
      "name": "CVE-2017-13173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13173"
    },
    {
      "name": "CVE-2017-13167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13167"
    },
    {
      "name": "CVE-2017-7533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
    },
    {
      "name": "CVE-2017-11049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11049"
    },
    {
      "name": "CVE-2017-14918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14918"
    },
    {
      "name": "CVE-2017-13171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13171"
    },
    {
      "name": "CVE-2017-13153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13153"
    },
    {
      "name": "CVE-2017-0880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0880"
    },
    {
      "name": "CVE-2017-0879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0879"
    },
    {
      "name": "CVE-2017-0870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0870"
    },
    {
      "name": "CVE-2017-13151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13151"
    },
    {
      "name": "CVE-2017-6262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6262"
    },
    {
      "name": "CVE-2017-13164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13164"
    },
    {
      "name": "CVE-2017-0871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0871"
    },
    {
      "name": "CVE-2017-14917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14917"
    },
    {
      "name": "CVE-2017-9716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9716"
    },
    {
      "name": "CVE-2017-13150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13150"
    },
    {
      "name": "CVE-2017-11047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11047"
    },
    {
      "name": "CVE-2017-13163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13163"
    },
    {
      "name": "CVE-2017-9709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9709"
    },
    {
      "name": "CVE-2017-14901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14901"
    },
    {
      "name": "CVE-2017-11042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11042"
    },
    {
      "name": "CVE-2017-13166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13166"
    },
    {
      "name": "CVE-2017-13148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13148"
    },
    {
      "name": "CVE-2017-0807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0807"
    },
    {
      "name": "CVE-2017-13160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13160"
    },
    {
      "name": "CVE-2017-13165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13165"
    },
    {
      "name": "CVE-2017-13174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13174"
    },
    {
      "name": "CVE-2017-13157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13157"
    },
    {
      "name": "CVE-2017-9703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9703"
    },
    {
      "name": "CVE-2017-15868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15868"
    },
    {
      "name": "CVE-2016-3706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3706"
    },
    {
      "name": "CVE-2017-0872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0872"
    },
    {
      "name": "CVE-2017-11031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11031"
    },
    {
      "name": "CVE-2017-13172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13172"
    },
    {
      "name": "CVE-2017-13175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13175"
    },
    {
      "name": "CVE-2017-6276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6276"
    },
    {
      "name": "CVE-2017-14905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14905"
    },
    {
      "name": "CVE-2017-13149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13149"
    },
    {
      "name": "CVE-2017-14909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14909"
    },
    {
      "name": "CVE-2017-13159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13159"
    },
    {
      "name": "CVE-2017-6280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6280"
    },
    {
      "name": "CVE-2017-8281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8281"
    },
    {
      "name": "CVE-2017-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0837"
    },
    {
      "name": "CVE-2017-14895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14895"
    },
    {
      "name": "CVE-2017-11045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11045"
    },
    {
      "name": "CVE-2017-11030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11030"
    },
    {
      "name": "CVE-2017-13162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13162"
    },
    {
      "name": "CVE-2017-13168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13168"
    },
    {
      "name": "CVE-2017-14916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14916"
    },
    {
      "name": "CVE-2017-14898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14898"
    },
    {
      "name": "CVE-2017-1000380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
    },
    {
      "name": "CVE-2017-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0876"
    },
    {
      "name": "CVE-2017-11006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11006"
    },
    {
      "name": "CVE-2017-0874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0874"
    },
    {
      "name": "CVE-2017-11007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11007"
    },
    {
      "name": "CVE-2017-6263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6263"
    },
    {
      "name": "CVE-2017-8244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8244"
    },
    {
      "name": "CVE-2016-5341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5341"
    },
    {
      "name": "CVE-2017-9718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9718"
    },
    {
      "name": "CVE-2017-13154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13154"
    },
    {
      "name": "CVE-2017-14900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14900"
    },
    {
      "name": "CVE-2016-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4429"
    },
    {
      "name": "CVE-2017-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11043"
    },
    {
      "name": "CVE-2017-13161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13161"
    }
  ],
  "initial_release_date": "2017-12-05T00:00:00",
  "last_revision_date": "2017-12-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-449",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android .\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 04 d\u00e9cembre 2017",
      "url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 04 d\u00e9cembre 2017",
      "url": "https://source.android.com/security/bulletin/2017-12-01"
    }
  ]
}

FKIE_CVE-2016-3706

Vulnerability from fkie_nvd - Published: 2016-06-10 15:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/102073	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/88440	Third Party Advisory, VDB Entry
secalert@redhat.com	https://source.android.com/security/bulletin/2017-12-01	Third Party Advisory
secalert@redhat.com	https://sourceware.org/bugzilla/show_bug.cgi?id=20010	Issue Tracking
secalert@redhat.com	https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102073	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/88440	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/2017-12-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://sourceware.org/bugzilla/show_bug.cgi?id=20010	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9

Impacted products

	Vendor	Product	Version
	opensuse	opensuse	13.2
	gnu	glibc	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A31C63-7581-4835-A2B9-08B11678BF02",
              "versionEndExcluding": "2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458."
    },
    {
      "lang": "es",
      "value": "Desbordamiento del buffer basado en pila en la funci\u00f3n getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambi\u00e9n conocida como glibc o libc6) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con la conversi\u00f3n hostent. NOTA: esta vulnerabilidad existe debido a una reparaci\u00f3n incompleta de CVE-2013-4458."
    }
  ],
  "id": "CVE-2016-3706",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-10T15:59:03.360",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102073"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/88440"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2017-12-01"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/88440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2017-12-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2X2R-J2QJ-78Q7

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-3706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-10T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.",
  "id": "GHSA-2x2r-j2qj-78q7",
  "modified": "2022-05-13T01:13:59Z",
  "published": "2022-05-13T01:13:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3706"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-12-01"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102073"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/88440"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-03928

Vulnerability from cnvd - Published: 2016-06-13

Title

GNU C Library getaddrinfo函数栈缓冲区溢出漏洞

Description

glibc是GNU发布的libc库，即c运行库。 GNU C Library (glibc或libc6) sysdeps/posix/getaddrinfo.c/getaddrinfo函数存在栈缓冲区溢出漏洞。远程攻击者通过hostent转换，可造成拒绝服务。

Severity

中

Patch Name

GNU C Library getaddrinfo函数栈缓冲区溢出漏洞的补丁

Patch Description

glibc是GNU发布的libc库，即c运行库。 GNU C Library (glibc或libc6) sysdeps/posix/getaddrinfo.c/getaddrinfo函数存在栈缓冲区溢出漏洞。远程攻击者通过hostent转换，可造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://sourceware.org/bugzilla/show_bug.cgi?id=20010

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3706 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9

Impacted products

Name
GNU glibc

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3706"
    }
  },
  "description": "glibc\u662fGNU\u53d1\u5e03\u7684libc\u5e93\uff0c\u5373c\u8fd0\u884c\u5e93\u3002\r\n\r\nGNU C Library (glibc\u6216libc6) sysdeps/posix/getaddrinfo.c/getaddrinfo\u51fd\u6570\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7hostent\u8f6c\u6362\uff0c\u53ef\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Florian Weimer",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=20010",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03928",
  "openTime": "2016-06-13",
  "patchDescription": "glibc\u662fGNU\u53d1\u5e03\u7684libc\u5e93\uff0c\u5373c\u8fd0\u884c\u5e93\u3002\r\n\r\nGNU C Library (glibc\u6216libc6) sysdeps/posix/getaddrinfo.c/getaddrinfo\u51fd\u6570\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7hostent\u8f6c\u6362\uff0c\u53ef\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNU C Library getaddrinfo\u51fd\u6570\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GNU glibc"
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3706\r\nhttps://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-12",
  "title": "GNU C Library getaddrinfo\u51fd\u6570\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GSD-2016-3706

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-3706

Aliases

CVE-2016-3706

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3706",
    "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.",
    "id": "GSD-2016-3706",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-3706.html",
      "https://ubuntu.com/security/CVE-2016-3706",
      "https://advisories.mageia.org/CVE-2016-3706.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3706"
      ],
      "details": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.",
      "id": "GSD-2016-3706",
      "modified": "2023-12-13T01:21:27.871555Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-3706",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
            "refsource": "MISC",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "http://www.securityfocus.com/bid/102073",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/102073"
          },
          {
            "name": "http://www.securityfocus.com/bid/88440",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/88440"
          },
          {
            "name": "https://source.android.com/security/bulletin/2017-12-01",
            "refsource": "MISC",
            "url": "https://source.android.com/security/bulletin/2017-12-01"
          },
          {
            "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010",
            "refsource": "MISC",
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
          },
          {
            "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9",
            "refsource": "MISC",
            "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.23",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-3706"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20010"
            },
            {
              "name": "openSUSE-SU-2016:1527",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2016:1779",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
            },
            {
              "name": "88440",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/88440"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "name": "https://source.android.com/security/bulletin/2017-12-01",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://source.android.com/security/bulletin/2017-12-01"
            },
            {
              "name": "102073",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102073"
            },
            {
              "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9",
              "refsource": "MISC",
              "tags": [],
              "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-12T23:18Z",
      "publishedDate": "2016-06-10T15:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-3706 (GCVE-0-2016-3706)

CERTFR-2016-AVI-273

Solution

CERTFR-2017-AVI-449

Solution

FKIE_CVE-2016-3706

GHSA-2X2R-J2QJ-78Q7

CNVD-2016-03928

GSD-2016-3706

Tags

Sightings

Nomenclature