CVE-2013-4458

CVE	CVE-2013-4458
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-12-12 18:55:10 UTC
Updated	2026-04-29 01:13:23 UTC
Description	Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.012010000 probability, percentile 0.790090000 (date 2026-04-30)

Problem Types: CWE-119 | n/a

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Glibc	2.0	All	All	All
Application	Gnu	Glibc	2.0.1	All	All	All
Application	Gnu	Glibc	2.0.2	All	All	All
Application	Gnu	Glibc	2.0.3	All	All	All
Application	Gnu	Glibc	2.0.4	All	All	All
Application	Gnu	Glibc	2.0.5	All	All	All
Application	Gnu	Glibc	2.0.6	All	All	All
Application	Gnu	Glibc	2.1	All	All	All
Application	Gnu	Glibc	2.1.1	All	All	All
Application	Gnu	Glibc	2.1.1.6	All	All	All
Application	Gnu	Glibc	2.1.2	All	All	All
Application	Gnu	Glibc	2.1.3	All	All	All
Application	Gnu	Glibc	2.1.9	All	All	All
Application	Gnu	Glibc	2.10.1	All	All	All
Application	Gnu	Glibc	2.11	All	All	All
Application	Gnu	Glibc	2.11.1	All	All	All
Application	Gnu	Glibc	2.11.2	All	All	All
Application	Gnu	Glibc	2.11.3	All	All	All
Application	Gnu	Glibc	2.12.1	All	All	All
Application	Gnu	Glibc	2.12.2	All	All	All
Application	Gnu	Glibc	2.13	All	All	All
Application	Gnu	Glibc	2.14	All	All	All
Application	Gnu	Glibc	2.14.1	All	All	All
Application	Gnu	Glibc	2.15	All	All	All
Application	Gnu	Glibc	2.16	All	All	All
Application	Gnu	Glibc	2.17	All	All	All
Application	Gnu	Glibc	All	All	All	All
Application	Suse	Linux Enterprise Debuginfo	11	sp2	All	All
Operating System	Suse	Linux Enterprise Server	11	sp2	All	All

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

Reference	Source	Link	Tags
[security-announce] SUSE-SU-2016:0470-1: important: Security update for	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
16072 – (CVE-2013-4458) Segmentation fault in getaddrinfo() when processing entry mapping to long list of AF_INET6 address structures	af854a3a-2127-422b-91ae-364da2661108	sourceware.org	Exploit
Gentoo Security	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
Support / Security / Advisories / / MDVSA-2013:284 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Support / Security / Advisories / / MDVSA-2013:283 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Siddhesh Poyarekar - [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests	af854a3a-2127-422b-91ae-364da2661108	sourceware.org	Patch
Red Hat Customer Portal	MITRE	access.redhat.com
access.redhat.com \| CVE-2013-4458	MITRE	access.redhat.com
1022280 – (CVE-2013-4458) CVE-2013-4458 glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6	MITRE	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.