A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/10/03/8 | Mailing List Third Party Advisory |
https://access.redhat.com/errata/RHSA-2023:5453 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2023:5455 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2023:7409 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2023-4813 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2237798 | Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20231110-0003/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
21 Jan 2024, 01:49
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h500s
Netapp h700s Firmware Netapp h410c Netapp h700s Netapp Netapp h500s Firmware Netapp h300s Firmware Netapp h300s Netapp h410c Firmware Netapp active Iq Unified Manager Netapp h410s Netapp h410s Firmware |
|
CPE | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
|
References | () https://access.redhat.com/errata/RHSA-2023:7409 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20231110-0003/ - Third Party Advisory |
21 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Oct 2023, 01:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux For Ibm Z Systems S390x Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Redhat enterprise Linux For Ibm Z Systems Eus S390x |
|
References | (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - Mailing List, Third Party Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory |
05 Oct 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2023, 19:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
18 Sep 2023, 14:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237798 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4813 - Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Gnu glibc Gnu Fedoraproject fedora Redhat Redhat enterprise Linux |
|
CWE | CWE-416 |
12 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 22:15
Updated : 2024-01-21 01:49
NVD link : CVE-2023-4813
Mitre link : CVE-2023-4813
CVE.ORG link : CVE-2023-4813
JSON object : View
Products Affected
netapp
- h700s_firmware
- h410s
- h300s
- h700s
- h410s_firmware
- h500s
- h300s_firmware
- h410c
- active_iq_unified_manager
- h500s_firmware
- h410c_firmware
redhat
- enterprise_linux_for_power_little_endian
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_for_ibm_z_systems_eus_s390x
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_for_ibm_z_systems_s390x
gnu
- glibc
fedoraproject
- fedora
CWE
CWE-416
Use After Free