CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.0%
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo
function may access memory that has been freed, resulting in an application
crash. This issue is only exploitable when a NSS module implements only the
nss_gethostbyname2_r and nss_getcanonname_r hooks without
implementing the nss*_gethostbyname3_r hook. The resolved name should
return a large number of IPv6 and IPv4, and the call to the getaddrinfo
function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL
and AI_V4MAPPED as flags.
Author | Note |
---|---|
Priority reason: No known NSS modules expose the vulnerability | |
mdeslaur | This is only an issue when using an NSS module with a very specific behaviour. There are no known NSS modules which are implemented this way. The fix for this issue introduced a leak, identified as CVE-2023-5156 which was later fixed with a subsequent commit. Older releases require backporting a dozen refactoring commits. |
ccdm94 | One of the refactoring commits needed to fix this issue is also the fix for CVE-2023-4813. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | eglibc | < any | UNKNOWN |
ubuntu | 18.04 | noarch | glibc | < 2.27-3ubuntu1.6+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | glibc | < 2.31-0ubuntu9.14 | UNKNOWN |
ubuntu | 22.04 | noarch | glibc | < 2.35-0ubuntu3.5 | UNKNOWN |
ubuntu | 23.04 | noarch | glibc | < 2.37-0ubuntu2.2 | UNKNOWN |
ubuntu | 23.10 | noarch | glibc | < 2.38-1ubuntu5 | UNKNOWN |
ubuntu | 24.04 | noarch | glibc | < 2.38-1ubuntu5 | UNKNOWN |
ubuntu | 16.04 | noarch | glibc | < 2.23-0ubuntu11.3+esm5 | UNKNOWN |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.0%