Vulnerability Details : CVE-2013-1914
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2013-1914
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1914
EPSS score: 17.12% (probability of exploitation activity in the next 30 days)
Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-1914
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-1914
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1914
- http://www.ubuntu.com/usn/USN-1991-1
  USN-1991-1: GNU C Library vulnerabilities | Ubuntu security notices
- http://seclists.org/fulldisclosure/2021/Sep/0
  Full Disclosure: SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- http://www.openwall.com/lists/oss-security/2013/04/03/8
  oss-security - Re: CVE Request: glibc getaddrinfo() stack overflow
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
  mandriva.com
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
  VMSA-2014-0008.2
- https://security.gentoo.org/glsa/201503-04
  GNU C Library: Multiple vulnerabilities (GLSA 201503-04) — Gentoo security
- https://bugzilla.novell.com/show_bug.cgi?id=813121
  Bug 813121 – VUL-1: CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting
- http://sourceware.org/bugzilla/show_bug.cgi?id=15330
  15330 – (CVE-2013-1914) Stack overflow in getaddrinfo with many results (CVE-2013-1914)
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
  Moxa Command Injection / Cross Site Scripting / Vulnerable Software ≈ Packet Storm
- http://rhn.redhat.com/errata/RHSA-2013-0769.html
  RHSA-2013:0769 - Security Advisory - Red Hat Customer Portal
- http://www.openwall.com/lists/oss-security/2013/04/05/1
  oss-security - Re: CVE Request: glibc getaddrinfo() stack overflow
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
  mandriva.com
- http://www.openwall.com/lists/oss-security/2013/04/03/2
  oss-security - CVE Request: glibc getaddrinfo() stack overflow
- http://rhn.redhat.com/errata/RHSA-2013-1605.html
  RHSA-2013:1605 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/58839
  GNU glibc 'getaddrinfo()' Stack Buffer Overflow Vulnerability
- http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7
  sourceware.org Git
- https://bugzilla.redhat.com/show_bug.cgi?id=947882
  947882 – (CVE-2013-1914) CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:163
  mandriva.com