Allocation of Resources Without Limits or Throttling in glibc

Do your applications use this vulnerable package? Test your applications

Overview

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

References

Debian Security Tracker
MISC
MISC
RHSA Security Advisory
Security Focus
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

High
Availability

None

CVE: CVE-2017-12132
CWE: CWE-770
Snyk ID: SNYK-DEBIAN9-GLIBC-356559
Disclosed: 01 Aug, 2017
Published: 01 Aug, 2017

Allocation of Resources Without Limits or Throttling
Affecting glibc package, versions *

Overview

References

CVSS Score

Allocation of Resources Without Limits or Throttling Affecting glibc package, versions *

Overview

References

Allocation of Resources Without Limits or Throttling
Affecting glibc package, versions *