A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Oct 2023, 17:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
|
References | (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/5 - Mailing List | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - Mailing List | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/4 - Mailing List | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory | |
References | (MISC) https://security.gentoo.org/glsa/202310-03 - Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ - Mailing List | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/6 - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ - Mailing List | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory | |
First Time |
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Ibm Z Systems S390x Fedoraproject fedora Redhat enterprise Linux For Arm 64 Redhat codeready Linux Builder For Arm64 Eus Fedoraproject Redhat enterprise Linux For Ibm Z Systems Eus S390x Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder Eus For Power Little Endian Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Eus Redhat enterprise Linux For Ibm Z Systems Eus Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux Tus Redhat codeready Linux Builder Eus Redhat codeready Linux Builder For Ibm Z Systems Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat codeready Linux Builder Eus For Power Little Endian Eus |
05 Oct 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Sep 2023, 19:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
22 Sep 2023, 13:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4806 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237782 - Issue Tracking, Third Party Advisory | |
First Time |
Gnu glibc
Gnu Redhat Redhat enterprise Linux |
|
CWE | CWE-416 |
18 Sep 2023, 18:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-18 17:15
Updated : 2024-01-25 14:15
NVD link : CVE-2023-4806
Mitre link : CVE-2023-4806
CVE.ORG link : CVE-2023-4806
JSON object : View
Products Affected
redhat
- enterprise_linux_for_ibm_z_systems_eus_s390x
- codeready_linux_builder_for_ibm_z_systems
- enterprise_linux_server_aus
- enterprise_linux_eus
- codeready_linux_builder_eus_for_power_little_endian
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_for_ibm_z_systems_s390x
- codeready_linux_builder_for_arm64
- codeready_linux_builder_for_arm64_eus
- enterprise_linux_for_ibm_z_systems_eus
- codeready_linux_builder_eus
- enterprise_linux_for_power_little_endian
- codeready_linux_builder_for_ibm_z_systems_eus
- enterprise_linux_for_arm_64_eus
- enterprise_linux
- codeready_linux_builder_eus_for_power_little_endian_eus
- enterprise_linux_for_arm_64
- enterprise_linux_tus
gnu
- glibc
fedoraproject
- fedora
CWE
CWE-416
Use After Free