CVE-2018-19591
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0136
Percentile
0,8th
Updated
EPSS Score Trend (Last 91 Days)
20
Improper Input Validation
StableCommon Consequences
Security Scopes Affected:
Availability
Confidentiality
Integrity
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Read Memory
Read Files Or Directories
Modify Memory
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML
404
Improper Resource Shutdown or Release
DraftCommon Consequences
Security Scopes Affected:
Availability
Other
Confidentiality
Potential Impacts:
Dos: Resource Consumption (Other)
Varies By Context
Read Application Data
Applicable Platforms
All platforms may be affected
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Glibc by Gnu
Version Range Affected
To
2.28
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.gentoo.org/glsa/201903-09
https://security.gentoo.org/glsa/201908-06
https://security.netapp.com/advisory/ntap-20190321-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23927
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5…
https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
https://usn.ubuntu.com/4416-1/
http://www.securityfocus.com/bid/106037
http://www.securitytracker.com/id/1042174
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.gentoo.org/glsa/201903-09
https://security.gentoo.org/glsa/201908-06
https://security.netapp.com/advisory/ntap-20190321-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23927
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5…
https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
https://usn.ubuntu.com/4416-1/
http://www.securityfocus.com/bid/106037
http://www.securitytracker.com/id/1042174