Stack-based buffer overflow in the getaddrinfo function in
sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6)
allows remote attackers to cause a denial of service (crash) via vectors
involving hostent conversion. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2013-4458.

Michael Petlan discovered an unbounded stack allocation in the
getaddrinfo() function of the GNU C Library. An attacker could use
this to cause a denial of service.

sbeattie> other versions of fixes in glibc bug report
sbeattie> reverted in Ubuntu 12.04 LTS due to breaking IPv6 name

Updated: 2017-03-24 06:14:18 UTC (commit 12294)