MEDIUM · 5.0

CVE-2013-7423

Vulnerability Description

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

CVSS Score

5.0

MEDIUM

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Redhat | Enterprise Linux Server Aus | 6.5 |
| Canonical | Ubuntu Linux | 10.04 |
| Opensuse | Opensuse | 13.1 |
| Gnu | Glibc | < 2.20 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-7423?

CVE-2013-7423 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended lo...

How severe is CVE-2013-7423?

CVE-2013-7423 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2013-7423?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Server Aus, Canonical Ubuntu Linux, Opensuse Opensuse, Gnu Glibc.