Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Apr 2013 13:10:21 +0200
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: glibc getaddrinfo() stack overflow


A customer reported a glibc crash, which turned out to be a stack overflow in

getaddrinfo() uses:
	struct sort_result results[nresults];
with nresults controlled by the nameservice chain (DNS or /etc/hosts).

This will be visible mostly on threaded applications with smaller stacksizes,
or operating near out of stack.

Reproducer I tried:
	$ for i in `seq 1 10000000`; do echo "ff00::$i a1" >>/etc/hosts; done
	$ ulimit -s 1024
	$ telnet a1
	Segmentation fault
	(clean out /etc/hosts again )

I am not sure you can usually push this amount of addresses via DNS for all

Andreas is currently pushing the patch to glibc GIT.


Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.