CVE-2016-10739

Priority
Description
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo
function would successfully parse a string that contained an IPv4 address
followed by whitespace and arbitrary characters, which could lead
applications to incorrectly assume that it had parsed a valid string,
without the possibility of embedded HTTP headers or other potentially
dangerous substrings.
Notes
mdeslaurglibc uses this internally to parse config files, fixing this
may introduce unwanted regressions and changes in behaviour
leosilvaSee CVE-2019-18348 for Python that is affected by this issue.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2020-04-24 03:25:45 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)