{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T22:53:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-3759-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3759-2/"}, {"name": "openSUSE-SU-2016:1779", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"}, {"name": "USN-3759-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3759-1/"}, {"name": "openSUSE-SU-2016:1527", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"}, {"name": "102073", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102073"}, {"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-12-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-4429", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3759-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3759-2/"}, {"name": "openSUSE-SU-2016:1779", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"}, {"name": "USN-3759-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3759-1/"}, {"name": "openSUSE-SU-2016:1527", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"}, {"name": "102073", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102073"}, {"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", "refsource": "CONFIRM", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112"}, {"name": "https://source.android.com/security/bulletin/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-12-01"}, {"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", "refsource": "CONFIRM", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:24.629Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3759-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3759-2/"}, {"name": "openSUSE-SU-2016:1779", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"}, {"name": "USN-3759-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3759-1/"}, {"name": "openSUSE-SU-2016:1527", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"}, {"name": "102073", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102073"}, {"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-12-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-4429", "datePublished": "2016-06-10T15:00:00", "dateReserved": "2016-05-02T00:00:00", "dateUpdated": "2024-08-06T00:32:24.629Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AD43ADC-AA8F-4284-AD88-98A9A9CC8AAC", "versionEndExcluding": "2.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets."}, {"lang": "es", "value": "Desbordamiento del buffer basado en pila en la funci\u00f3n clntudp_call en sunrpc/clnt_udp.c en GNU C Library (tambi\u00e9n conocida como glibc o libc6) permite a atacantes remotos provocar una denegaci\u00f3n del servicio (ca\u00edda) o posiblemente tener otro impacto no especificado a trav\u00e9s de una inundaci\u00f3n de paquetes ICMP y UDP manipulados."}], "id": "CVE-2016-4429", "lastModified": "2023-11-07T02:32:37.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-10T15:59:05.687", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102073"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://source.android.com/security/bulletin/2017-12-01"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112"}, {"source": "secalert@redhat.com", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3759-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3759-2/"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Aldy Hernandez (Red Hat).", "bugzilla": {"description": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", "id": "1337136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337136"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets."], "name": "CVE-2016-4429", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libtirpc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libtirpc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2016-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4429\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4429"], "statement": "Based on technical analysis of this flaw:\nOn Red Hat Enterprise Linux 6: No looping behaviour was observed. Without the looping behavior, the alloca should be harmless for pretty much all applications because the size argument depends on the size of the generated (outgoing) UDP packet and will be well below default stack sizes. Therefore it is not affected by this flaw.\nOn Red Hat Enterprise Linux 7: Looping behaviour was observed and segfaults with small stack sizes. -fstack-class-protection will turn this into a reliable crash (no code execution possible). Even without that build flag, this will not be exploitable in most cases because the application determines the alloca argument, based on the generated UDP packet (not the response). This will usually be smaller than a page. The maximum impact is therefore crash, there is no code execution involved.\nThis issue was fixed in glibc-2.23.1, therefore Red Hat Enterprise Linux 8 is not affected by this flaw.", "threat_severity": "Moderate", "upstream_fix": "glibc 2.23.1"}