Search for vulnerabilities
Vulnerability details: VCID-sqrx-7bzw-aaaq
Vulnerability ID VCID-sqrx-7bzw-aaaq
Aliases CVE-2013-4458
Summary Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121 Stack-based Buffer Overflow
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4458.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1391
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01246 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.01349 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03752 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03777 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03777 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03777 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
epss 0.03777 https://api.first.org/data/v1/epss?cve=CVE-2013-4458
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1022280
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-4458
generic_textual Low https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
generic_textual Low https://ubuntu.com/security/notices/USN-2306-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4458.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4458.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=16072
https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
https://ubuntu.com/security/notices/USN-2306-1
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
1022280 https://bugzilla.redhat.com/show_bug.cgi?id=1022280
727181 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727181
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
CVE-2013-4458 https://nvd.nist.gov/vuln/detail/CVE-2013-4458
RHSA-2014:1391 https://access.redhat.com/errata/RHSA-2014:1391
USN-2306-1 https://usn.ubuntu.com/2306-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4458
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.78206
EPSS Score 0.01239
Published At May 21, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.