CVE-2016-3706

Priority
Description
Stack-based buffer overflow in the getaddrinfo function in
sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6)
allows remote attackers to cause a denial of service (crash) via vectors
involving hostent conversion. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2013-4458.
Ubuntu-Description
Michael Petlan discovered an unbounded stack allocation in the
getaddrinfo() function of the GNU C Library. An attacker could use
this to cause a denial of service.
Notes
sbeattieother versions of fixes in glibc bug report
reverted in Ubuntu 12.04 LTS due to breaking IPv6 name
resolution
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):released (2.19-0ubuntu6.10)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.23-0ubuntu6)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.24-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (2.24-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (2.24-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (trunk)
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1a8a7c12950a0026a3c406a7cb1608f96aa1460e (2.23
More Information

Updated: 2020-10-24 06:31:46 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)