Gnu · Gnu C Library · CVE-2026-4437
**Name of the Vulnerable Software and Affected Versions**
GNU C Library versions 2.34 through 2.43
**Description**
The GNU C Library contains a flaw where calling the `gethostbyaddr` or `gethostbyaddr r` functions with a specific `nsswitch.conf` configuration utilizing the library’s DNS backend may lead to a violation of the DNS specification. A crafted response from a configured DNS server could cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer.
**Recommendations**
Versions prior to 2.34 or after 2.43 should be used.