Launchpad CVE tracker

CVE 2013-7423

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

Related bugs and status

CVE-2013-7423 (Candidate) is related to these bugs:

Bug #1328975: libc6: getaddrinfo() sends DNS queries to random file descriptors

		In	Importance	Status
1328975	libc6: getaddrinfo() sends DNS queries to random file descriptors	eglibc (Ubuntu)	Undecided	Invalid
1328975	libc6: getaddrinfo() sends DNS queries to random file descriptors	eglibc (Ubuntu Trusty)	Undecided	Confirmed
1328975	libc6: getaddrinfo() sends DNS queries to random file descriptors	glibc (Ubuntu)	Undecided	Fix Released
1328975	libc6: getaddrinfo() sends DNS queries to random file descriptors	glibc (Ubuntu Trusty)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015012...
CONFIRM: https://github.com/gol...
CONFIRM: https://sourceware.org...
SUSE: openSUSE-SU-2015:0351
UBUNTU: USN-2519-1
BID: 72844
GENTOO: GLSA-201602-02
REDHAT: RHSA-2016:1207
REDHAT: RHSA-2015:0863
FULLDISC: 20210901 SEC Consult S...
MISC: http://packetstormsecu...

Launchpad.net

CVE 2013-7423

Related bugs and status

Related bugs

References