CVE-2016-5417

Priority
Description
Memory leak in the __res_vinit function in the IPv6 name server management
code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows
remote attackers to cause a denial of service (memory consumption) by
leveraging partial initialization of internal resolver data structures.
Ubuntu-Description
Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU
C Library did not properly track memory allocations. An attacker could
use this to cause a denial of service.
Notes
sbeattieintroduced in 2.22 commit 2212c1420c92a33b0e0bd9a34938c9814a56c0f7
Package
Upstream:not-affected (pre 2.22)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (pre 2.22)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2020-09-10 05:29:50 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)