{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186614"}, {"name": "[oss-security] 20150129 Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7"}, {"name": "RHSA-2015:1627", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1627.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981942"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18011"}, {"name": "72710", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72710"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7424", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1186614", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186614"}, {"name": "[oss-security] 20150129 Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"}, {"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7", "refsource": "CONFIRM", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7"}, {"name": "RHSA-2015:1627", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1627.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=981942", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981942"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18011", "refsource": "CONFIRM", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18011"}, {"name": "72710", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72710"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:09:16.606Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186614"}, {"name": "[oss-security] 20150129 Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7"}, {"name": "RHSA-2015:1627", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1627.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981942"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18011"}, {"name": "72710", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72710"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7424", "datePublished": "2015-08-26T19:00:00", "dateReserved": "2015-01-29T00:00:00", "dateUpdated": "2024-08-06T18:09:16.606Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9A789ED-8F21-4477-A7E6-5018A4AB15BE", "versionEndIncluding": "2.14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n getaddrinfo en glibc en versiones anteriores a 2.15, cuando es compilado con libidn y es utilizado el indicador AI_IDN, permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (liberaci\u00f3n de memoria no v\u00e1lida) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, seg\u00fan lo demostrado en un nombre de dominio internacionalizado para ping6."}], "id": "CVE-2013-7424", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-26T19:59:00.110", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1627.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72710"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186614"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981942"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18011"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1627.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72710"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1627", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "glibc-0:2.5-123.el5_11.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-08-17T00:00:00Z"}, {"advisory": "RHSA-2014:1391", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "glibc-0:2.12-1.149.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}], "bugzilla": {"description": "glibc: Invalid-free when using getaddrinfo()", "id": "1186614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186614"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.", "An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support."], "name": "CVE-2013-7424", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:rhel_eus:5.6", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.6"}, {"cpe": "cpe:/o:redhat:rhel_eus:5.9", "fix_state": "Affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.9"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.2", "fix_state": "Affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.2"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.4", "fix_state": "Affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.4"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.5", "fix_state": "Affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.5"}], "public_date": "2015-01-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7424\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7424"], "threat_severity": "Moderate"}