A vulnerability was discovered in all versions of glibc since 2.9, which allows remote attackers to execute arbitrary code, cause denial-of-service or trigger a product crash. The vulnerability is related to the client-side DNS resolver and can be exploited by sending a truncated UDP A+AAAA query, followed by a large TCP response with a TTL of 0.