CVE-2017-12132

Source
Severity Medium
Remote Yes
Type Content spoofing
Description
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
Group Package Affected Fixed Severity Status Ticket
AVG-369 lib32-glibc 2.25-7 2.26-1 Critical Fixed
AVG-368 glibc 2.25-7 2.26-1 Critical Fixed
References
https://sourceware.org/bugzilla/show_bug.cgi?id=21361
https://arxiv.org/pdf/1205.4011.pdf
https://www.sourceware.org/ml/libc-alpha/2017-08/msg00010.html