InetAddress.java is using Glibc function getaddrinfo() and according to CVE-2016-3706,
getaddrinfo() is not safe any more.
Does that mean that all the applications which use InetAddress class are not safe. What can be the solution to this problem?
Does that mean that all the applications which use InetAddress class are not safe.
Running any application that calls getaddrinfo on a system affected by above CVE is unsafe. That includes any Java applications using InetAddress as a subset.
What can be the solution to this problem?
The only solution is to update the system GLIBC with a version where above CVE has been fixed.
