CVE-2023-4813
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.28-225.el8_8.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.28-225.el8_8.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 0:2.28-189.8.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.34-100.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.34-60.el9_2.7 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.34-100.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.34-60.el9_2.7 < * | unaffected |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:2.28-189.8.el8_6 < * | unaffected |
Weaknesses
- CWE-416: Use After Free
Workarounds
Removing the "SUCCESS=continue" or "SUCCESS=merge" configuration from the hosts database in /etc/nsswitch.conf will mitigate this vulnerability.
Note that, these options are not supported by the hosts database, if they were working before it was because of this bug.
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2023/10/03/8
- https://access.redhat.com/errata/RHSA-2023:5453
- https://access.redhat.com/errata/RHSA-2023:5455
- https://access.redhat.com/errata/RHSA-2023:7409
- https://access.redhat.com/security/cve/CVE-2023-4813
- https://bugzilla.redhat.com/show_bug.cgi?id=2237798
- https://security.netapp.com/advisory/ntap-20231110-0003/
References
- https://access.redhat.com/errata/RHBA-2024:2413
- https://access.redhat.com/errata/RHSA-2023:5453
- https://access.redhat.com/errata/RHSA-2023:5455
- https://access.redhat.com/errata/RHSA-2023:7409
- https://access.redhat.com/security/cve/CVE-2023-4813
- https://bugzilla.redhat.com/show_bug.cgi?id=2237798
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.