CVE-2018-19591

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-19591
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/106037 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1042174 Third Party Advisory VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/
https://security.gentoo.org/glsa/201903-09 Third Party Advisory
https://security.gentoo.org/glsa/201908-06
https://security.netapp.com/advisory/ntap-20190321-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23927 Exploit Issue Tracking Third Party Advisory
https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
https://usn.ubuntu.com/4416-1/
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
History

07 Nov 2023, 02:55

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/', 'name': 'FEDORA-2018-f6b7df660d', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408', 'name': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d527c860f5a3f0ed687bd03f0cb464612dc23408', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/', 'name': 'FEDORA-2018-060302dc83', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD', 'name': 'https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD', 'tags': ['Release Notes', 'Third Party Advisory'], 'refsource': 'CONFIRM'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/ -
  • () https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD -
  • () https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408 -
Information

Published : 2018-12-04 16:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-19591

Mitre link : CVE-2018-19591

CVE.ORG link : CVE-2018-19591

JSON object : View

Products Affected

gnu

  • glibc

fedoraproject

  • fedora
CWE
CWE-20

Improper Input Validation