CVE-2013-7424

Published: 26 August 2015

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

Priority

Medium

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(2.19-0ubuntu6.5)
glibc
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=2e96f1c7

Notes

AuthorNote
mdeslaur
introduced by https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
lucid doesn't look vulnerable

References

Bugs