PSIRT Advisory

Glibc getaddrinfo() stack-overflow


Since glibc 2.9, the glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used.


Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
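
To check a host against the "since glibc 2.9" statement above, the following added example (not part of the original advisory and not Fortinet code) compares the runtime glibc version numerically, so that 2.10 and later are not mistaken for releases older than 2.9. The function names are hypothetical; because the advisory states no fixed version and distributions backport fixes, a match means "in the stated range", not "unpatched".

```c
#include <stdio.h>
#include <stdlib.h>
#if defined(__GLIBC__)
#include <gnu/libc-version.h>   /* gnu_get_libc_version(), glibc only */
#endif

/* Lower bound taken from the advisory text ("Since glibc 2.9"). */
#define AFFECTED_SINCE_MAJOR 2
#define AFFECTED_SINCE_MINOR 9

/* Parse "MAJOR.MINOR[.PATCH...]" numerically; 0 on success, -1 on bad input. */
static int parse_glibc_version(const char *s, long *major, long *minor)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    *major = strtol(s, &end, 10);
    if (*end != '.' || end[1] < '0' || end[1] > '9')
        return -1;
    *minor = strtol(end + 1, &end, 10);
    return 0;
}

/* 1 = version is 2.9 or later, 0 = older than 2.9, -1 = unparseable.
 * Assumption: a future major version is treated as "or later". */
int glibc_in_advisory_range(const char *version)
{
    long major, minor;
    if (parse_glibc_version(version, &major, &minor) != 0)
        return -1;
    if (major != AFFECTED_SINCE_MAJOR)
        return major > AFFECTED_SINCE_MAJOR;
    return minor >= AFFECTED_SINCE_MINOR;
}

int main(void)
{
#if defined(__GLIBC__)
    const char *v = gnu_get_libc_version();
    int r = glibc_in_advisory_range(v);
    printf("runtime glibc %s: %s\n", v,
           r == 1 ? "2.9 or later, verify the vendor patch level" :
           r == 0 ? "older than 2.9" : "version string not understood");
#else
    puts("not linked against glibc");
#endif
    return 0;
}
```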

Affected Products

The following products are confirmed to be not affected:

  • FortiOS
  • FortiSwitch
  • FortiAnalyzer
  • FortiManager
  • FortiMail
  • FortiBridge
  • FortiAuthenticator
  • Meru
  • FortiMom
  • FortiDirector
  • FortiPrivateCloud
  • FortiCache
  • FortiClient
  • FortiRecorder
  • FortiCore

Other products are still under investigation.