RH:CVE-2023-4813 (Red Hat CVE database, redhat.com / access.redhat.com)

CVE-2023-4813

Published: 2023-09-12 14:54:22
Source: redhat.com, access.redhat.com
10
Tags: glibc, application crash, getaddrinfo, /etc/nsswitch.conf, vulnerability, mitigation

CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
EPSS Percentile: 48.9%

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Mitigation

Removing the "SUCCESS=continue" or "SUCCESS=merge" configuration from the hosts database in /etc/nsswitch.conf will mitigate this vulnerability.

Note that these options are not supported by the hosts database; if they appeared to work before, it was because of this bug.
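As an added example (not part of the Red Hat advisory), the following POSIX shell script audits an nsswitch.conf file for the hosts-database actions the description and mitigation refer to, and shows the affected form beside the corrected one. The function names and the two constructed sample files are this example's own; point the audit function at /etc/nsswitch.conf to check a real system.

```shell
#!/bin/sh
# Added example (not from the Red Hat advisory): audit an nsswitch.conf file
# for SUCCESS=continue / SUCCESS=merge on the hosts database, the condition
# CVE-2023-4813 depends on. Function names and sample files are constructed.

# Print the effective "hosts:" line of the given file, with comments removed.
nsswitch_hosts_line() {
    sed -e 's/#.*//' "$1" | grep -E '^[[:space:]]*hosts[[:space:]]*:' | head -n 1
}

# Exit 0 when the hosts line carries SUCCESS=continue or SUCCESS=merge inside
# a [...] action block (matched case-insensitively to be safe), 1 otherwise.
nsswitch_hosts_has_success_action() {
    nsswitch_hosts_line "$1" \
        | grep -Eiq '\[[^]]*success[[:space:]]*=[[:space:]]*(continue|merge)[^]]*]'
}

# Human-readable verdict for one file; exit status mirrors the check above.
nsswitch_audit() {
    if nsswitch_hosts_has_success_action "$1"; then
        echo "$1: AFFECTED -> $(nsswitch_hosts_line "$1")"
        return 0
    fi
    echo "$1: ok -> $(nsswitch_hosts_line "$1")"
    return 1
}

# Demo on two constructed files: the affected form and the mitigated form.
nsswitch_demo() {
    dir=$(mktemp -d)
    cat > "$dir/affected.conf" <<'EOF'
# constructed sample: unsupported action on the hosts database
passwd: files
hosts:  files [SUCCESS=merge] dns
EOF
    cat > "$dir/corrected.conf" <<'EOF'
# constructed sample: same file with the action removed (the mitigation)
passwd: files
hosts:  files dns
EOF
    nsswitch_audit "$dir/affected.conf" || true
    nsswitch_audit "$dir/corrected.conf" || true
    rm -rf "$dir"
}

nsswitch_demo
```

The check strips comments first, so a commented-out `hosts:` line no longer produces a false positive, and it only flags actions that sit inside a `[...]` block on the hosts line, which is where glibc reads them.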
