CVE-2016-4429 — MEDIUM (5.9)

Q: How severe is CVE-2016-4429?

CVE-2016-4429 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4429?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Gnu Glibc, Canonical Ubuntu Linux.

Vulnerability Description

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Gnu	Glibc	< 2.24
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-787

References

http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.htmlMailing ListThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039Broken Link
http://www.securityfocus.com/bid/102073Third Party AdvisoryVDB Entry
https://lists.debian.org/debian-lts-announce/2020/06/msg00027.html
https://source.android.com/security/bulletin/2017-12-01Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=20112Issue TrackingPatchThird Party Advisory
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f
https://usn.ubuntu.com/3759-1/Third Party Advisory
https://usn.ubuntu.com/3759-2/Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.htmlMailing ListThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039Broken Link
http://www.securityfocus.com/bid/102073Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-4429?

CVE-2016-4429 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecifi...

How severe is CVE-2016-4429?

CVE-2016-4429 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4429?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Gnu Glibc, Canonical Ubuntu Linux.