Main Vulnerability Database SB2019012201

SB2019012201 - Security restrictions bypass in Glibc getaddrinfo()

Published: January 22, 2019

Security Bulletin ID SB2019012201

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2016-10739)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the getaddrinfo() function accepts an IPv4 address followed by whitespace and arbitrary characters and treats his input as a correct IPv4 address. Software that accepts input from the getaddrinfo() function may incorrectly assume that the function return IPv4 address only. As a result, a remote attacker can inject arbitrary data into the IPv4 address and change application's behavior that relies on getaddrinfo() output (e.g., inject HTTP headers or other potentially dangerous strings).

Remediation

Install update from vendor's website.

SB2019012201 - Security restrictions bypass in Glibc getaddrinfo()

Breakdown by Severity

Description

Remediation

References