Bug 485230 (CVE-2013-4357) - sys-libs/glibc : getaddrinfo() stack overflow
Summary: sys-libs/glibc : getaddrinfo() stack overflow
Status: RESOLVED WORKSFORME
Alias: CVE-2013-4357
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A2 [?]
Reported: 2013-09-17 19:08 UTC by Agostino Sarubbo
Modified: 2014-02-18 19:25 UTC

Description Agostino Sarubbo gentoo-dev 2013-09-17 19:08:33 UTC
From ${URL} :

In 2011 the problem with alloca() was not defined as a vulnerability.

http://sourceware.org/bugzilla/show_bug.cgi?id=12671


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Tolga Dalman 2013-09-18 21:28:22 UTC
I don't understand. Where exactly is the problem? As far as I can see there is no exploitable bug on Linux (i.e., I also have no crashes with the examples provided in the glibc bug report).
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-25 18:05:03 UTC
As far as I can tell, upstream said that this isn't a vuln. I'm not sure what to do with this. @security: thoughts?