CVE-2014-8121

Priority
Description
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU
C Library (aka glibc or libc6) 2.21 and earlier does not properly check if
a file is open, which allows remote attackers to cause a denial of service
(infinite loop) by performing a look-up on a database while iterating over
it, which triggers the file pointer to be reset.
Ubuntu-Description
Robin Hack discovered that the Name Service Switch (NSS)
implementation in the GNU C Library did not properly manage its file
descriptors. An attacker could use this to cause a denial of service
(infinite loop).
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.15-0ubuntu10.14)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.19-0ubuntu6.8)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.23-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=03d2730b44cc2236318fd978afa2651753666c55
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b13b96ca05a132a12dc5f3712b99e626670716bf
More Information

Updated: 2020-07-28 19:52:48 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)