CVE-2013-7423

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-7423
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html Third Party Advisory
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
http://rhn.redhat.com/errata/RHSA-2015-0863.html
http://seclists.org/fulldisclosure/2021/Sep/0
http://www.openwall.com/lists/oss-security/2015/01/28/20 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/72844 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2519-1 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1207 Third Party Advisory
https://github.com/golang/go/issues/6336 Third Party Advisory
https://security.gentoo.org/glsa/201602-02 Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=15946 Issue Tracking
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html Third Party Advisory
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
http://rhn.redhat.com/errata/RHSA-2015-0863.html
http://seclists.org/fulldisclosure/2021/Sep/0
http://www.openwall.com/lists/oss-security/2015/01/28/20 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/72844 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2519-1 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1207 Third Party Advisory
https://github.com/golang/go/issues/6336 Third Party Advisory
https://security.gentoo.org/glsa/201602-02 Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=15946 Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-02-24 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2013-7423

Mitre link : CVE-2013-7423

CVE.ORG link : CVE-2013-7423

JSON object : View

Products Affected

redhat

  • enterprise_linux_server_aus

gnu

  • glibc

opensuse

  • opensuse

canonical

  • ubuntu_linux
CWE
CWE-17

DEPRECATED: Code