CVE-2013-7424

NameCVE-2013-7424
DescriptionThe getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-165-1, DSA-3169-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)buster2.28-10+deb10u1fixed
buster (security)2.28-10+deb10u2fixed
bullseye2.31-13+deb11u5fixed
bookworm, sid2.36-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
eglibcsourcesqueeze2.11.3-4+deb6u5DLA-165-1
eglibcsourcewheezy2.13-38+deb7u8DSA-3169-1
eglibcsource(unstable)2.15-1
glibcsource(unstable)2.15-1

Notes

http://seclists.org/oss-sec/2015/q1/306
Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
https://bugzilla.redhat.com/show_bug.cgi?id=981942
Search for package or bug name: Reporting problems