A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/09/25/1 | Mailing List |
https://access.redhat.com/errata/RHSA-2023:5453 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2023:5455 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2023-4527 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2234712 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ | Mailing List |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ | Mailing List |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ | Mailing List |
https://security.gentoo.org/glsa/202310-03 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20231116-0012/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
28 Dec 2023, 16:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.netapp.com/advisory/ntap-20231116-0012/ - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h500s
Netapp h700s Firmware Netapp h410c Netapp h700s Netapp Netapp h500s Firmware Netapp h300s Firmware Netapp h300s Netapp h410c Firmware Netapp h410s Netapp h410s Firmware |
16 Nov 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Oct 2023, 18:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory | |
References | (MISC) https://security.gentoo.org/glsa/202310-03 - Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/09/25/1 - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ - Mailing List | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory | |
First Time |
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Ibm Z Systems S390x Fedoraproject fedora Redhat enterprise Linux For Arm 64 Redhat codeready Linux Builder For Arm64 Eus Fedoraproject Redhat enterprise Linux For Ibm Z Systems Eus S390x Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder Eus For Power Little Endian Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Eus Redhat enterprise Linux For Ibm Z Systems Eus Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux Tus Redhat codeready Linux Builder Eus Redhat codeready Linux Builder For Ibm Z Systems Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat codeready Linux Builder Eus For Power Little Endian Eus |
|
CPE | cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
05 Oct 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Sep 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2023, 17:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
21 Sep 2023, 17:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
CWE | CWE-125 | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4527 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2234712 - Exploit, Issue Tracking, Third Party Advisory | |
First Time |
Gnu glibc
Gnu Redhat Redhat enterprise Linux |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
18 Sep 2023, 18:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-18 17:15
Updated : 2023-12-28 16:23
NVD link : CVE-2023-4527
Mitre link : CVE-2023-4527
CVE.ORG link : CVE-2023-4527
JSON object : View
Products Affected
netapp
- h700s_firmware
- h410s
- h300s
- h700s
- h410s_firmware
- h500s
- h300s_firmware
- h410c
- h500s_firmware
- h410c_firmware
redhat
- codeready_linux_builder_eus_for_power_little_endian
- codeready_linux_builder_eus
- codeready_linux_builder_eus_for_power_little_endian_eus
- enterprise_linux_for_power_little_endian
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_for_ibm_z_systems_eus
- codeready_linux_builder_for_arm64
- enterprise_linux_for_arm_64
- enterprise_linux_for_ibm_z_systems_eus_s390x
- enterprise_linux_for_arm_64_eus
- codeready_linux_builder_for_arm64_eus
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux_eus
- codeready_linux_builder_for_ibm_z_systems_eus
- codeready_linux_builder_for_ibm_z_systems
- enterprise_linux_tus
- enterprise_linux_for_ibm_z_systems_s390x
gnu
- glibc
fedoraproject
- fedora