Vulnerability Details : CVE-2013-7424
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
Vulnerability category: Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-7424
Probability of exploitation activity in the next 30 days: 1.36%
Percentile (the proportion of vulnerabilities scored at or below this score): ~84%
CVSS scores for CVE-2013-7424
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST
CWE ids for CVE-2013-7424
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7424
- http://www.openwall.com/lists/oss-security/2015/01/29/21 (oss-security - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235))
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7 (sourceware.org Git - glibc.git/commitdiff)
- https://sourceware.org/bugzilla/show_bug.cgi?id=18011 (18011 – (CVE-2013-7424) Invalid free in getaddrinfo with AI_IDN)
- https://bugzilla.redhat.com/show_bug.cgi?id=1186614 (1186614 – CVE-2013-7424 glibc: Invalid-free when using getaddrinfo())
- http://www.securityfocus.com/bid/72710 (GNU glibc 'getaddrinfo.c' Remote Code Execution Vulnerability)
- https://bugzilla.redhat.com/show_bug.cgi?id=981942 (981942 – CVE-2013-7424 glibc: ping6 with idn causes crash)
- http://rhn.redhat.com/errata/RHSA-2015-1627.html (RHSA-2015:1627 - Security Advisory - Red Hat Customer Portal; Vendor Advisory)
Products affected by CVE-2013-7424
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*