Bug 1330887 (CVE-2016-3706) - CVE-2016-3706 glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)
Summary: CVE-2016-3706 glibc: stack (frame) overflow in getaddrinfo() when called with...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-3706
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1329674 1330888
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-27 08:56 UTC by Martin Prpič
Modified: 2021-02-17 03:58 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-27 08:57:32 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Sourceware 20010 0 P2 RESOLVED getaddrinfo: Stack overflow in hostent translation (CVE-2016-3706) 2020-02-12 22:04:25 UTC

Description Martin Prpič 2016-04-27 08:56:25 UTC 
It was found that the fix for CVE-2013-4458 is incomplete. 

A stack (frame) overflow flaw, which could led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET or AF_INET6.

This is less substantial than the CVE-2013-4458 issue because there is an other, unfixed bug in nss_files which causes it to use gigabytes of stack space with "multi on" (our default) in /etc/host.conf. Only about 4096 addresses fit into a DNS reply, so this is not really exploitable via nss_dns (only in fringe cases with extremely small stacks, as sometimes seen with Java VMs).
Comment 1 Martin Prpič 2016-04-27 08:56:37 UTC 
Acknowledgments:

Name: Michael Petlan (Red Hat)
Comment 2 Martin Prpič 2016-04-27 08:57:01 UTC 
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1330888]
Note You need to log in before you can comment on or make changes to this bug.