Launchpad CVE tracker

CVE 2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.

Related bugs and status

CVE-2016-3706 (Candidate) is related to these bugs:

Bug #1561621: mosh-server crashed with SIGSEGV in execute_helper()

		In	Importance	Status
1561621	mosh-server crashed with SIGSEGV in execute_helper()	mosh (Ubuntu)	Undecided	Fix Released
1561621	mosh-server crashed with SIGSEGV in execute_helper()	mosh (Debian)	Unknown	Fix Released
1561621	mosh-server crashed with SIGSEGV in execute_helper()	GLibC	Medium	Fix Released
1561621	mosh-server crashed with SIGSEGV in execute_helper()	glibc (Ubuntu)	Medium	Confirmed

Bug #1571456: id crashed with SIGSEGV in sock_eq()

		In	Importance	Status
1571456	id crashed with SIGSEGV in sock_eq()	glibc (Ubuntu)	High	Fix Released
1571456	id crashed with SIGSEGV in sock_eq()	GLibC	Unknown	Unknown
1571456	id crashed with SIGSEGV in sock_eq()	glibc (Fedora)	Undecided	Fix Released
1571456	id crashed with SIGSEGV in sock_eq()	glibc (Debian)	Unknown	Fix Released
1571456	id crashed with SIGSEGV in sock_eq()	glibc (Ubuntu Xenial)	High	Fix Released

Bug #1674776: getaddrinfo() dont work correct with ipv4+ipv6 addreses aftrer upgrade libc6 in Ubuntu Precise

Summary				In	Importance	Status
	1674776	getaddrinfo() dont work correct with ipv4+ipv6 addreses aftrer upgrade libc6 in Ubuntu Precise		GLibC	Medium	Fix Released
	1674776	getaddrinfo() dont work correct with ipv4+ipv6 addreses aftrer upgrade libc6 in Ubuntu Precise		eglibc (Ubuntu Precise)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-3706

References