Public Date:
1477529: CVE-2017-12132 glibc: Fragmentation attacks possible when EDNS0 is enabled

The MITRE CVE dictionary describes this issue as:

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

Find out more about CVE-2017-12132 from the MITRE CVE dictionary dictionary and NIST NVD.


This issue only affects systems which use a remote recursive resolver and enable EDNS0, either with the “edns0” option in /etc/resolv.conf, or using the RES_USE_EDNS0 or RES_USE_DNSSEC resolver flags. The underlying issue affects recursive resolvers such as BIND and Unbound as well, and has to be fixed separately there.

CVSS v3 metrics

CVSS3 Base Score 3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality None
Integrity Impact Low
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (glibc) RHSA-2018:0805 2018-04-10

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 compat-glibc Will not fix
Red Hat Enterprise Linux 6 compat-glibc Will not fix
Red Hat Enterprise Linux 6 glibc Will not fix
Red Hat Enterprise Linux 5 compat-glibc Will not fix
Red Hat Enterprise Linux 5 glibc Will not fix

Last Modified

CVE description copyright © 2017, The MITRE Corporation


Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.