CVE-2023-4806

MEDIUM

glibc - Use-After-Free in getaddrinfo with NSS Module Hooks

Title source: llm

Description

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

References (17)

Core 17

Core References

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240125-0008/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/

Third Party Advisory

https://security.gentoo.org/glsa/202310-03

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/4

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/5

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/6

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/8

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:5453

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHBA-2024:2413

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:5455

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7409

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-4806

Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2237782

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-831302.html

Scores

CVSS v3 5.9

EPSS 0.0190

EPSS Percentile 83.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (36)

fedoraproject/fedora 37

fedoraproject/fedora 38

fedoraproject/fedora 39

gnu/glibc 2.33

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 0:2.28-225.el8_8.6

Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Support 0:2.28-189.8.el8_6

Red Hat/Red Hat Enterprise Linux 9 0:2.34-100.el9

Red Hat/Red Hat Enterprise Linux 9 0:2.34-60.el9_2.7

... and 26 more

Published Sep 18, 2023

Tracked Since Feb 18, 2026