CVE-2016-4429

Priority
Low
Description
Stack-based buffer overflow in the clntudp_call function in
sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote
servers to cause a denial of service (crash) or possibly unspecified other
impact via a flood of crafted ICMP and UDP packets.
Ubuntu-Description
Aldy Hernandez discovered an unbounded stack allocation in the sunrpc
implementation in the GNU C Library. An attacker could use this to
cause a denial of service.
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 16.10 (Yakkety Yak):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (2.15-0ubuntu10.16)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.19-0ubuntu6.10)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:needs-triage
Ubuntu Core 15.04:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):released (2.23-0ubuntu6)
Ubuntu 16.10 (Yakkety Yak):not-affected (2.24-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus):not-affected (2.24-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c (trunk)
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdce95930e1d9a7d013d1ba78740243491262879 (2.23)

Updated: 2017-03-21 04:14:17 UTC (commit 12277)