In sysdeps/unix/sysv/linux/if_index.c, __if_nametoindex() creates a socket descriptor but does not close it if the 'ifname' parameter is too long. This is a resource leak (CWE-404).
Additionally, it is possible to call getaddrinfo() with a crafted 'node' parameter, that leads to the offending code in __if_nametoindex().
In short, untrusted hostname resolutions (via getaddrinfo()) lead to descriptor exhaustion.
MITRE has assigned CVE-2018-19591 for this issue.
Attribution: Guido Vranken
All affected packages are masked. No cleanup (toolchain package).
Security please proceed.
This issue was resolved and addressed in
GLSA 201908-06 at https://security.gentoo.org/glsa/201908-06
by GLSA coordinator Aaron Bauman (b-man).