It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | glibc | 2015-12-14 10:00 | ALAS-2015-617 |
Amazon Linux 1 | glibc | 2015-04-22 16:12 | ALAS-2015-513 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 1.2 | AV:L/AC:H/Au:N/C:P/I:N/A:N |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |