Vulnerability Details : CVE-2016-3706
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
Vulnerability category: Overflow, Input validation, Denial of service
Products affected by CVE-2016-3706
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3706
- 1.23%: Probability of exploitation activity in the next 30 days
- ~85%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3706
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-3706
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3706
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9
  sourceware.org Git
- http://www.securityfocus.com/bid/102073
  Google Android Multiple Qualcomm Components Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
  IBM notice: The page you requested cannot be displayed (Third Party Advisory)
- https://sourceware.org/bugzilla/show_bug.cgi?id=20010
  20010 – (CVE-2016-3706) getaddrinfo: Stack overflow in hostent translation (CVE-2016-3706) (Issue Tracking)
- http://www.securityfocus.com/bid/88440
  GNU glibc 'getaddrinfo()' Function Incomplete Fix Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://source.android.com/security/bulletin/2017-12-01
  Android Security Bulletin—December 2017 | Android Open Source Project (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html
  openSUSE-SU-2016:1527-1: moderate: Security update for glibc (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html
  openSUSE-SU-2016:1779-1: moderate: Security update for glibc (Mailing List; Third Party Advisory)