CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

author: Florian Weimer <fweimer@redhat.com> 2018-11-27 16:12:43 +0100
committer: Pranav Kant <prka@google.com> 2024-01-12 23:20:06 +0000
commit: ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2 (patch)
tree: dc37f02acfd00e9271b6c9b0379c490c9301c9af /NEWS
parent: 66bec53f073ca8ef6ac138dfe22ae9af7ce1d9db (diff)
download: glibc-ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2.zip
glibc-ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2.tar.gz
glibc-ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 162a845..46b5a2d 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,10 @@ Security related changes:
   addresses with arbitrary trailing characters, potentially leading to data
   or command injection issues in applications.
 
+  CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
+  denial of service due to resource exhaustion when processing getaddrinfo
+  calls with crafted host names.  Reported by Guido Vranken.
+
   CVE-2017-18269: An SSE2-based memmove implementation for the i386
   architecture could corrupt memory.  Reported by Max Horn.
author	Florian Weimer <fweimer@redhat.com>	2018-11-27 16:12:43 +0100
committer	Pranav Kant <prka@google.com>	2024-01-12 23:20:06 +0000
commit	ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2 (patch)
tree	dc37f02acfd00e9271b6c9b0379c490c9301c9af /NEWS
parent	66bec53f073ca8ef6ac138dfe22ae9af7ce1d9db (diff)
download	glibc-ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2.zip glibc-ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2.tar.gz glibc-ac5b88042331d3a6ba0e44f8ebcc41a35ec1dab2.tar.bz2