Unrated severityNVD Advisory· Published Dec 12, 2013· Updated Apr 29, 2026
CVE-2013-4458
CVE-2013-4458
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
Affected products
29cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*+ 26 more
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*range: <=2.18
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.