CVE-2023-4813

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4813
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2023/10/03/8 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5453 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7409 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4813 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2237798 Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20231110-0003/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
History

21 Jan 2024, 01:49

Type Values Removed Values Added
First Time Netapp h500s
Netapp h700s Firmware
Netapp h410c
Netapp h700s
Netapp
Netapp h500s Firmware
Netapp h300s Firmware
Netapp h300s
Netapp h410c Firmware
Netapp active Iq Unified Manager
Netapp h410s
Netapp h410s Firmware
CPE cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
References () https://access.redhat.com/errata/RHSA-2023:7409 - () https://access.redhat.com/errata/RHSA-2023:7409 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20231110-0003/ - () https://security.netapp.com/advisory/ntap-20231110-0003/ - Third Party Advisory

21 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7409 -

10 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231110-0003/ -

13 Oct 2023, 01:18

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
First Time Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Ibm Z Systems S390x
Redhat enterprise Linux Eus
Redhat enterprise Linux Server Tus
Redhat enterprise Linux For Ibm Z Systems Eus S390x
References (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - Mailing List, Third Party Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory

05 Oct 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5455 -
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5453 -

04 Oct 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 -

20 Sep 2023, 19:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 5.9

18 Sep 2023, 14:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237798 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237798 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4813 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4813 - Third Party Advisory
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
First Time Fedoraproject
Gnu glibc
Gnu
Fedoraproject fedora
Redhat
Redhat enterprise Linux
CWE CWE-416

12 Sep 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-12 22:15

Updated : 2024-01-21 01:49

NVD link : CVE-2023-4813

Mitre link : CVE-2023-4813

CVE.ORG link : CVE-2023-4813

JSON object : View

Products Affected

netapp

  • h700s_firmware
  • h410s
  • h300s
  • h700s
  • h410s_firmware
  • h500s
  • h300s_firmware
  • h410c
  • active_iq_unified_manager
  • h500s_firmware
  • h410c_firmware

redhat

  • enterprise_linux_for_power_little_endian
  • enterprise_linux
  • enterprise_linux_server_aus
  • enterprise_linux_for_ibm_z_systems_eus_s390x
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_eus
  • enterprise_linux_server_tus
  • enterprise_linux_for_ibm_z_systems_s390x

gnu

  • glibc

fedoraproject

  • fedora
CWE
CWE-416

Use After Free