CVE-2013-7424
EPSS 0.83%
Description
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
How to fix CVE-2013-7424
To remediate CVE-2013-7424, upgrade the affected package to a fixed version below.
- Debian/glibc—upgrade to 2.15-1 or later
Is CVE-2013-7424 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.15-1