Use After Free in glibc

Do your applications use this vulnerable package? Test your applications

Overview

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

References

CONFIRM
CONFIRM
Debian Security Tracker
Fedora Security Update
Security Focus
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

High
Availability

None

CVE: CVE-2017-12133
CWE: CWE-416
Snyk ID: SNYK-DEBIAN8-GLIBC-356585
Disclosed: 07 Sep, 2017
Published: 07 Sep, 2017

Use After Free
Affecting glibc package, versions *

Overview

References

CVSS Score

Use After Free Affecting glibc package, versions *

Overview

References

Use After Free
Affecting glibc package, versions *