CVE-2014-8121
eglibc - security update
EPSS 2.5%
Description
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
How to fix CVE-2014-8121
To remediate CVE-2014-8121, upgrade the affected package to one of the fixed versions listed below.
- Debian/eglibc—upgrade to 2.11.3-4+deb6u7 or later
- Debian/eglibc—upgrade to 2.13-38+deb7u10 or later
- —upgrade to 2.21-1 or later
Is CVE-2014-8121 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.11.3-4+deb6u7
- from 0, < 2.13-38+deb7u10
- from 0, < 2.21-1