CVE-2023-4527

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc (affected versions not specified)

Description A flaw was found in glibc. When the getaddrinfo function is called with the AF UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. The issue is related to reading data beyond the buffer boundaries in memory, which can be exploited by a remote attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-125

Related Identifiers

ALSA-2023:5453

ALSA-2023:5455

AZL-34732

BDU:2023-06332

CESA-2023_5455

CVE-2023-4527

DSA-5514-1

MGASA-2023-0270

OPENSUSE-SU-2024:13273-1

RHSA-2023:5453

RHSA-2023:5455

RHSA-2023_5453

RHSA-2023_5455

RLSA-2023:5455

USN-6409-1

Affected Products

Almalinux

Centos

Linuxmint

Red Hat

Rocky Linux

Ubuntu

Glibc

CVE-2023-4527

Weakness Enumeration

Related Identifiers

Affected Products

References · 67