CVE-2017-12133

Impact: Low
Public Date: 2017-02-08
CWE: CWE-416
Bugzilla: 1478288: CVE-2017-12133 glibc: Use-after-free read access in clntudp_call in sunrpc

The MITRE CVE dictionary describes this issue as:

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

Find out more about CVE-2017-12133 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect the versions of gcc compiler shipped with Red Hat Enterprise Linux, because the patch for CVE-2016-4429 was not backported for those versions of glibc.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 3.7
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: None
Availability Impact: None

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 glibc Not affected
Red Hat Enterprise Linux 7 compat-glibc Not affected
Red Hat Enterprise Linux 6 glibc Not affected
Red Hat Enterprise Linux 6 compat-glibc Not affected
Red Hat Enterprise Linux 5 compat-glibc Not affected
Red Hat Enterprise Linux 5 glibc Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation
