PT-2023-8453 · Glibc+8 · Glibc+8
Guilherme De Almeida Suckevicz
+1
·
Publicado
2023-09-12
·
Atualizado
2026-05-12
·
CVE-2023-4806
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
glibc (affected versions not specified)
Description
A flaw was found in glibc, where the
getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss * gethostbyname2 r and nss * getcanonname r hooks without implementing the nss * gethostbyname3 r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF INET6 address family with AI CANONNAME, AI ALL, and AI V4MAPPED as flags.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Rocky Linux
Ubuntu
Glibc