usn-2519-1
Vulnerability from osv_ubuntu
Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7423)
It was discovered that the GNU C Library incorrectly handled receiving a positive answer while processing the network name when performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to hang, resulting in a denial of service. (CVE-2014-9402)
Joseph Myers discovered that the GNU C Library wscanf function incorrectly handled memory. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2013-7423",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-9402",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-1472",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-1473",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "eglibc-source",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc-bin",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-dev-ppc64",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-ppc64",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-prof",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "multiarch-support",
"binary_version": "2.19-0ubuntu6.6"
},
{
"binary_name": "nscd",
"binary_version": "2.19-0ubuntu6.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "eglibc",
"purl": "pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.6?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.19-0ubuntu6.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.17-93ubuntu4",
"2.18-0ubuntu1",
"2.18-0ubuntu2",
"2.18-0ubuntu4",
"2.18-0ubuntu5",
"2.18-0ubuntu6",
"2.18-0ubuntu7",
"2.19-0ubuntu2",
"2.19-0ubuntu3",
"2.19-0ubuntu4",
"2.19-0ubuntu5",
"2.19-0ubuntu6",
"2.19-0ubuntu6.1",
"2.19-0ubuntu6.3",
"2.19-0ubuntu6.4",
"2.19-0ubuntu6.5"
]
}
],
"aliases": [],
"details": "Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file\ndescriptors when resolving DNS queries under high load. This may cause a\ndenial of service in other applications, or an information leak. This issue\nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2013-7423)\n\nIt was discovered that the GNU C Library incorrectly handled receiving a\npositive answer while processing the network name when performing DNS\nresolution. A remote attacker could use this issue to cause the GNU C\nLibrary to hang, resulting in a denial of service. (CVE-2014-9402)\n\nJoseph Myers discovered that the GNU C Library wscanf function incorrectly\nhandled memory. A remote attacker could possibly use this issue to cause\nthe GNU C Library to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu\n14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473)\n",
"id": "USN-2519-1",
"modified": "2026-04-22T07:36:32Z",
"published": "2015-02-26T15:57:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2519-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-7423"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-9402"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-1472"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-1473"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "eglibc, glibc vulnerabilities",
"upstream": [
"UBUNTU-CVE-2013-7423",
"UBUNTU-CVE-2014-9402",
"UBUNTU-CVE-2015-1472",
"UBUNTU-CVE-2015-1473"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.