CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
Configurations

Configuration 1 (hide)

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

History

12 Feb 2023, 23:18

Type Values Removed Values Added
References
  • {'url': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9', 'name': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • (MISC) https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 -

Information

Published : 2016-06-10 15:59

Updated : 2023-12-10 11:46


NVD link : CVE-2016-3706

Mitre link : CVE-2016-3706

CVE.ORG link : CVE-2016-3706


JSON object : View

Products Affected

gnu

  • glibc

opensuse

  • opensuse
CWE
CWE-20

Improper Input Validation