Frugalware Let's make things frugal!
En Fr Es It
Posted by:kikadf
Vulnerable version:2.19-4
Unaffected version:2.19-5rigel1
Bug tracker entry:
Description:The vfprintf function in stdio-common/vfprintf.c in GNU C Library does not "properly restrict the use of" the alloca function when allocating the SPECS array. The getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name. Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer.