Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-19591

Date: December 4, 2018

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

Language: C

Severity Score

Related Resources (14)

http://www.securitytracker.com/id/1042174
https://usn.ubuntu.com/4416-1/
http://www.securityfocus.com/bid/106037
https://sourceware.org/git/?p=glibc.git%3Ba=blob_plain%3Bf=NEWS%3Bhb=HEAD
https://security.gentoo.org/glsa/201903-09
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO7WHN52GFMC5F2I2232GFIPSSXWFV7G/
https://security.gentoo.org/glsa/201908-06
https://nvd.nist.gov/vuln/detail/CVE-2018-19591
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=d527c860f5a3f0ed687bd03f0cb464612dc23408
https://sourceware.org/bugzilla/show_bug.cgi?id=23927
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52KE4YR3GNMHQUOS3DKAGZD5TQ5D5UH/
https://security.netapp.com/advisory/ntap-20190321-0003/
https://security-tracker.debian.org/tracker/CVE-2018-19591
https://www.mend.io/vulnerability-database/CVE-2018-19591

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us