CVE-2016-4429
The MITRE CVE dictionary describes this issue as:
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Find out more about CVE-2016-4429 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat Product Security has rated this issue as having Low security impact, a future update may address this flaw.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | glibc | Will not fix |
| Red Hat Enterprise Linux 7 | libtirpc | Will not fix |
| Red Hat Enterprise Linux 7 | compat-glibc | Not affected |
| Red Hat Enterprise Linux 6 | glibc | Will not fix |
| Red Hat Enterprise Linux 6 | libtirpc | Will not fix |
| Red Hat Enterprise Linux 6 | compat-glibc | Not affected |
| Red Hat Enterprise Linux 5 | compat-glibc | Not affected |
| Red Hat Enterprise Linux 5 | glibc | Will not fix |
Acknowledgements
This issue was discovered by Aldy Hernandez (Red Hat).CVE description copyright © 2017, The MITRE Corporation