Design/Logic Flaw

2023-09-1222:15:00

PRIOn knowledge base

www.prio-n.com

glibc

logic flaw

memory use

application crash

nsswitch.conf configuration

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.9%

JSON

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CPENameOperatorVersion
fedoraeq38
glibclt2.36
enterprise_linuxeq8.0
enterprise_linuxeq9.0
enterprise_linux_euseq8.8
enterprise_linux_euseq9.2
enterprise_linux_for_ibm_z_systems_eus_s390xeq9.2
enterprise_linux_for_ibm_z_systems_s390xeq9.2
enterprise_linux_for_power_little_endianeq9.2.0-ppc64-le
enterprise_linux_for_power_little_endian_euseq9.2.0-ppc64-le

Name	Operator	Version
fedora	eq	38
glibc	lt	2.36
enterprise_linux	eq	8.0
enterprise_linux	eq	9.0
enterprise_linux_eus	eq	8.8
enterprise_linux_eus	eq	9.2
enterprise_linux_for_ibm_z_systems_eus_s390x	eq	9.2
enterprise_linux_for_ibm_z_systems_s390x	eq	9.2
enterprise_linux_for_power_little_endian	eq	9.2.0-ppc64-le
enterprise_linux_for_power_little_endian_eus	eq	9.2.0-ppc64-le