CVE-2023-4806

Summary

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:2.28-225.el8_8.6 < *unaffected
Red HatRed Hat Enterprise Linux 80:2.28-225.el8_8.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support0:2.28-189.8.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 90:2.34-100.el9 < *unaffected
Red HatRed Hat Enterprise Linux 90:2.34-60.el9_2.7 < *unaffected
Red HatRed Hat Enterprise Linux 90:2.34-100.el9 < *unaffected
Red HatRed Hat Enterprise Linux 90:2.34-60.el9_2.7 < *unaffected
Red HatRed Hat Virtualization 4 for Red Hat Enterprise Linux 80:2.28-189.8.el8_6 < *unaffected

Weaknesses

  • CWE-416: Use After Free

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References