Bug 1186614 (CVE-2013-7424)
Summary: | CVE-2013-7424 glibc: Invalid-free when using getaddrinfo()
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Huzaifa S. Sidhpurwala <huzaifas>
Assignee: | Red Hat Product Security <security-response-team>
CC: | arjun.is, ashankar, codonell, fweimer, hannsj_uhl, huzaifas, jakub, law, mnewsome, pdwyer, pfrankli, security-response-team, vkaigoro, yozone
Keywords: | Security
Doc Type: | Bug Fix
Doc Text: | An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.
Last Closed: | 2015-11-24 08:30:40 UTC
Bug Depends On: | 981942, 1233404
Bug Blocks: | 1187112

Description
Huzaifa S. Sidhpurwala
2015-01-28 06:50:44 UTC
Filed a CVE request at: http://seclists.org/oss-sec/2015/q1/306

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2015:1627 https://rhn.redhat.com/errata/RHSA-2015-1627.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2014:1391 https://rhn.redhat.com/errata/RHSA-2014-1391.html