A stack frame overflow flaw was found in glibc's clntudp_call(). A malicious server could use this flaw to flood a connecting client application with ICMP and UDP packets, triggering the stack overflow and resulting in a crash.
clntudp_call() contains an alloca call in a loop, which causes it to consume very large amounts of stack space.
The same faulty code is also present in the libtirpc library.
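The alloca-in-a-loop pattern described above, reduced to a stand-alone C program. This is an added example, not glibc or libtirpc code; the function names, EVENTS and BUF_SIZE are constructed for illustration. It measures how far the stack frame grows when the scratch buffer is allocated per iteration, and compares that with one way to keep it constant (a single buffer declared outside the loop).

```c
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EVENTS   64    /* constructed: loop iterations, i.e. packets the peer sends */
#define BUF_SIZE 512   /* constructed: scratch buffer needed per iteration */

/* Distance in bytes between two buffer addresses. */
static size_t span(const char *a, const char *b)
{
    uintptr_t x = (uintptr_t)a, y = (uintptr_t)b;
    return (size_t)(x > y ? x - y : y - x);
}

/* Flawed pattern: alloca() inside the loop. Every iteration carves a new
 * block out of the stack frame and none is released before the function
 * returns, so stack use scales with a count the remote peer controls. */
size_t stack_growth_alloca_in_loop(int events)
{
    char *first = NULL, *last = NULL;
    for (int i = 0; i < events; i++) {
        char *cbuf = alloca(BUF_SIZE);
        memset(cbuf, i, BUF_SIZE);          /* touch the block */
        if (first == NULL) first = cbuf;
        last = cbuf;
    }
    return events > 0 ? span(first, last) + BUF_SIZE : 0;
}

/* Bounded pattern: one buffer declared outside the loop and reused, so
 * stack use stays at BUF_SIZE however many iterations run. */
size_t stack_growth_single_buffer(int events)
{
    char cbuf[BUF_SIZE];
    char *first = NULL, *last = NULL;
    for (int i = 0; i < events; i++) {
        memset(cbuf, i, BUF_SIZE);
        if (first == NULL) first = cbuf;
        last = cbuf;
    }
    return events > 0 ? span(first, last) + BUF_SIZE : 0;
}

int main(void)
{
    printf("alloca in loop: %zu bytes\n", stack_growth_alloca_in_loop(EVENTS));
    printf("single buffer:  %zu bytes\n", stack_growth_single_buffer(EVENTS));
    return 0;
}
```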
Name: Aldy Hernandez (Red Hat)
Created libtirpc tracking bugs for this issue:
Affects: fedora-all [bug 1337142]
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1337140]
Created attachment 1158765
Red Hat Product Security has rated this issue as having Low security impact. A future update may address this flaw.