CVE-2023-4813

MEDIUM LAB

glibc - Use After Free

Title source: llm

Description

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Exploits (1)

nomisec WORKING POC 1 stars

by tnishiox · poc

https://github.com/tnishiox/cve-2023-4813

View Code ZIP pw:eip

References (8)

Core 8

Core References

Vendor Advisory

https://security.netapp.com/advisory/ntap-20231110-0003/

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/8

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHBA-2024:2413

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:5453

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:5455

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7409

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-4813

Issue Tracking, Patch, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2237798

Scores

CVSS v3 5.9

EPSS 0.0030

EPSS Percentile 53.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull almalinux:8.8-minimal

https://github.com/tnishiox/cve-2023-4813

View in Library

Details

CWE

CWE-416

Status published

Products (18)

fedoraproject/fedora 38

gnu/glibc < 2.36

netapp/active_iq_unified_manager

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

... and 8 more

Published Sep 12, 2023

Tracked Since Feb 18, 2026