Search for vulnerabilities
Vulnerability details: VCID-ge3f-mumy-aaaq
Vulnerability ID VCID-ge3f-mumy-aaaq
Aliases CVE-2013-7423
Summary The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-17 DEPRECATED: Code
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-201 Insertion of Sensitive Information Into Sent Data
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7423.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0863
rhas Moderate https://access.redhat.com/errata/RHSA-2015:2199
rhas Important https://access.redhat.com/errata/RHSA-2015:2589
epss 0.00250 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.00952 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.01016 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03347 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03762 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03762 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
epss 0.03762 https://api.first.org/data/v1/epss?cve=CVE-2013-7423
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1187109
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423
cvssv2 2.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-7423
generic_textual Low https://ubuntu.com/security/notices/USN-2519-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7423.html
http://rhn.redhat.com/errata/RHSA-2015-0863.html
https://access.redhat.com/errata/RHSA-2016:1207
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7423.json
https://api.first.org/data/v1/epss?cve=CVE-2013-7423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423
http://seclists.org/fulldisclosure/2021/Sep/0
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/golang/go/issues/6336
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=15946
https://ubuntu.com/security/notices/USN-2519-1
http://www.openwall.com/lists/oss-security/2015/01/28/20
http://www.securityfocus.com/bid/72844
http://www.ubuntu.com/usn/USN-2519-1
1187109 https://bugzilla.redhat.com/show_bug.cgi?id=1187109
722075 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722075
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
CVE-2013-7423 https://nvd.nist.gov/vuln/detail/CVE-2013-7423
RHSA-2015:0863 https://access.redhat.com/errata/RHSA-2015:0863
RHSA-2015:2199 https://access.redhat.com/errata/RHSA-2015:2199
RHSA-2015:2589 https://access.redhat.com/errata/RHSA-2015:2589
USN-2519-1 https://usn.ubuntu.com/2519-1/
No exploits are available.
Vector: AV:L/AC:H/Au:N/C:P/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-7423
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.64367
EPSS Score 0.00250
Published At Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.