This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/19879] New: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075)
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 29 Mar 2016 10:53:50 +0000
- Subject: [Bug network/19879] New: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075)
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19879
Bug ID: 19879
Summary: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075)
Product: glibc
Version: 2.24
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security+
The getnetbyname implementation in nss_dns contains a potentially unbounded
alloca call (in the form of a call to strdupa), leading to a stack overflow
(stack exhaustion) and a crash if getnetbyname is invoked on a very long name.
This bug was present in the initial commit of this file in 1996.
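The pattern described in the report, next to a bounded alternative, as an added example that is not glibc's code and not the fix applied upstream. `NAME_LIMIT`, `count_labels`, `lookup_unbounded`, `lookup_bounded` and `make_name` are hypothetical names, and the 1025-byte cap is an assumption of this example.

```c
#include <alloca.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; not taken from the bug report. */
#define NAME_LIMIT 1025

/* Hypothetical stand-in for the work done on the private copy. */
static size_t count_labels(const char *s)
{
    size_t n = (*s != '\0');
    for (; *s; s++)
        if (*s == '.')
            n++;
    return n;
}

/* Pattern from the report: the copy lives on the stack and its size is
   set by the caller-supplied name. strdupa(name) amounts to this
   alloca + copy, so a very long name exhausts the stack. */
size_t lookup_unbounded(const char *name)
{
    size_t len = strlen(name) + 1;
    char *copy = alloca(len);          /* no upper bound on len */
    memcpy(copy, name, len);
    return count_labels(copy);
}

/* Bounded form: the stack frame has a fixed size and oversized names are
   rejected before any copy. Returns 0 on success, -1 if too long. */
int lookup_bounded(const char *name, size_t *labels)
{
    char copy[NAME_LIMIT];
    /* memchr stops at the first NUL and never looks past the cap. */
    const char *end = memchr(name, '\0', sizeof copy);
    if (end == NULL)
        return -1;
    memcpy(copy, name, (size_t)(end - name) + 1);
    *labels = count_labels(copy);
    return 0;
}

/* Constructed input: a name of `len` 'a' characters, heap allocated. */
char *make_name(size_t len)
{
    char *p = malloc(len + 1);
    if (p) { memset(p, 'a', len); p[len] = '\0'; }
    return p;
}
```

Where long inputs must be accepted rather than rejected, a heap allocation with a checked result replaces the fixed buffer; the point in either form is that input length no longer decides the stack frame size.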