CVE-2013-4458

Publication date 12 December 2013

Last updated 4 August 2025

Description

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	14.04 LTS trusty	Not affected
	13.10 saucy	Ignored end of life
	13.04 raring	Ignored end of life
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Fixed 2.15-0ubuntu10.6
	10.04 LTS lucid	Fixed 2.11.1-0ubuntu7.14

Notes

sbeattie

this fix was also incomplete, leading to CVE-2016-3706

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
eglibc	Upstream: https://sourceware.org/git/?p=glibc.git;h=7cbcdb3699584db8913ca90f705d6337633ee10f

References

Related Ubuntu Security Notices (USN)

USN-2306-1
GNU C Library vulnerabilities
4 August 2014