5

CVE-2013-7423

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
GnuGlibc Version < 2.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.81% 0.922
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
http://seclists.org/fulldisclosure/2021/Sep/0
https://security.gentoo.org/glsa/201602-02
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0863.html
http://www.openwall.com/lists/oss-security/2015/01/28/20
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/72844
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2519-1
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1207
Third Party Advisory
https://github.com/golang/go/issues/6336
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=15946
Issue Tracking