CVE-2016-10739

Priority
Description
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo
function would successfully parse a string that contained an IPv4 address
followed by whitespace and arbitrary characters, which could lead
applications to incorrectly assume that it had parsed a valid string,
without the possibility of embedded HTTP headers or other potentially
dangerous substrings.
Notes
mdeslaurglibc uses this internally to parse config files, fixing this
may introduce unwanted regressions and changes in behaviour
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2019-12-05 19:29:02 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)