CVE-2016-5417

Priority
Low
Description
Memory leak in the __res_vinit function in the IPv6 name server management
code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows
remote attackers to cause a denial of service (memory consumption) by
leveraging partial initialization of internal resolver data structures.
Ubuntu-Description
Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU
C Library did not properly track memory allocations. An attacker could
use this to cause a denial of service.
Notes
 sbeattie> introduced in 2.22 commit 2212c1420c92a33b0e0bd9a34938c9814a56c0f7
Package
Upstream: not-affected (pre 2.22)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (pre 2.22)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE
Package
Source: glibc
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Core 15.04: not-affected (pre 2.22)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.23-0ubuntu6)
Ubuntu 17.04 (Zesty Zapus): not-affected (2.24-0ubuntu1)
Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e7fdabd7df1fc6c56d104e61390bf5a6b526c38 (trunk)
Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317da342ba4417c30d985f5593d78bb1364a62c3 (2.23)
Updated: 2017-08-11 23:55:07 UTC (commit 13081)