{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-05T01:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17630"}, {"name": "openSUSE-SU-2015:0351", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"name": "[oss-security] 20141217 Re: CVE request: glibc", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/12/18/1"}, {"name": "USN-2519-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2519-1"}, {"name": "71670", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71670"}, {"name": "RHSA-2018:0805", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0805"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:25.176Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17630"}, {"name": "openSUSE-SU-2015:0351", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"name": "[oss-security] 20141217 Re: CVE request: glibc", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/12/18/1"}, {"name": "USN-2519-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2519-1"}, {"name": "71670", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71670"}, {"name": "RHSA-2018:0805", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0805"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-9402", "datePublished": "2015-02-24T15:00:00", "dateReserved": "2014-12-17T00:00:00", "dateUpdated": "2024-08-06T13:40:25.176Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA913F6A-63A0-468F-A0E0-66748E337246", "versionEndIncluding": "2.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process."}, {"lang": "es", "value": "La implementaci\u00f3n nss_dns de getnetbyname en GNU C Library (tambi\u00e9n conocido como glibc) anterior a 2.21, cuando el backend DNS en la configuraci\u00f3n Name Service Switch est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) mediante el envi\u00f3 de una respuesta positiva mientras el nombre de una red est\u00e1 siendo procesada."}], "id": "CVE-2014-9402", "lastModified": "2023-02-13T00:45:18.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-24T15:59:02.520", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/12/18/1"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71670"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2519-1"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0805"}, {"source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201602-02"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17630"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:0805", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "glibc-0:2.17-222.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-04-10T00:00:00Z"}], "bugzilla": {"description": "glibc: denial of service in getnetbyname function", "id": "1175369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175369"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-835", "details": ["The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process."], "name": "CVE-2014-9402", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2014-11-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-9402\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9402"], "statement": "A non-standard system configuration (\"networks: file dns\" in /etc/nsswitch.conf) and possibly a DNS spoofing attack is required to exploit this flaw.\nRed Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}