CVE-2026-0915

HIGH

GNU Glibc < 2.42 - Use of Uninitialized Resource

Title source: rule

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Exploits (1)

github SUSPICIOUS

by cyberwulfy200-dev · shellpoc

https://github.com/cyberwulfy200-dev/CVE-2026-0915-json-Patch.-V2.0

View Code ZIP pw:eip

References (2)

[Broken Link] https://sourceware.org/bugzilla/show_bug.cgi?id=33802

[Mailing List] http://www.openwall.com/lists/oss-security/2026/01/16/6

Scores

CVSS v3 7.5

EPSS 0.0002

EPSS Percentile 4.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-908

Status published

Affected Products (1)

gnu/glibc < 2.42

Timeline

Published Jan 15, 2026

Tracked Since Feb 18, 2026