CVE-2016-6323

Published: Oct 7, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

Affected (5)

Products: Gnu: Glibc · Opensuse: Opensuse · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Up to 2.24

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 23
Fedoraproject Fedora	Version 24
Fedoraproject Fedora	Version 25

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (20)

http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html

Source: secalert@redhat.com

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2016/08/18/12

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/92532

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTXSOVCRDGBIB4WCIDAGYYUBESXZ4IGK/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVWSAZVBTLALXF4SCBPDV3FY6J22DXLZ/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WO7IMEYWZ2WTXGGMZBWWSDCUMFN63XOB/

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201706-19

Source: secalert@redhat.com

https://sourceware.org/bugzilla/show_bug.cgi?id=20435

Source: secalert@redhat.com

Issue Tracking

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2016/08/18/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/92532

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTXSOVCRDGBIB4WCIDAGYYUBESXZ4IGK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVWSAZVBTLALXF4SCBPDV3FY6J22DXLZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WO7IMEYWZ2WTXGGMZBWWSDCUMFN63XOB/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201706-19

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceware.org/bugzilla/show_bug.cgi?id=20435

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.