PT-2026-26670 · Gnu+1 · Gnu C Library+1

Kevin Farrell · Published 2026-01-01 · Updated 2026-06-01 · CVE-2026-4437

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: GNU C Library versions 2.34 through 2.43

Description: The GNU C Library contains a flaw where calling the gethostbyaddr or gethostbyaddr_r functions with a specific nsswitch.conf configuration utilizing the library's DNS backend may lead to a violation of the DNS specification. A crafted response from a configured DNS server could cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer.

Recommendations: Versions prior to 2.34 or after 2.43 should be used.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2026:19061
CVE-2026-4437
ECHO-3C7D-5484-9E80
OPENSUSE-SU-2026:10662-1
OPENSUSE-SU-2026:20501-1
RHSA-2026:19061
RHSA-2026:20597
RHSA-2026:7316
SUSE-SU-2026:1369-1
SUSE-SU-2026:21019-1
SUSE-SU-2026:21039-1
SUSE-SU-2026:21069-1
SUSE-SU-2026:21164-1

Affected Products

Gnu C Library
Rocky Linux