PT-2026-26670 · Gnu · Gnu C Library

Kevin Farrell · Published 2026-01-01 · Updated 2026-05-20 · CVE-2026-4437

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU C Library versions 2.34 through 2.43

Description

The GNU C Library contains a flaw where calling the gethostbyaddr or gethostbyaddr_r functions with a specific nsswitch.conf configuration utilizing the library's DNS backend may lead to a violation of the DNS specification. A crafted response from a configured DNS server could cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer.

Recommendations

Versions prior to 2.34 or after 2.43 should be used.
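
A triage check for the two conditions named above (glibc version in the 2.34 to 2.43 range, and a hosts database that uses the DNS backend). This is an added example, not part of the advisory or of glibc. The function names are hypothetical, and it assumes that any "dns" entry on the hosts line counts as the relevant configuration, since the advisory does not state the exact one.

```shell
#!/bin/sh
# Added triage example; function names are hypothetical, not glibc tooling.

# glibc_in_affected_range VERSION -> 0 if 2.34 <= VERSION <= 2.43,
# 1 if outside the range, 2 if the string cannot be parsed.
glibc_in_affected_range() {
    ver=${1#glibc }                      # accept "glibc 2.35" or "2.35"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}               # "35" from "35-0ubuntu3.8"
    case "$major:$minor" in
        *[!0-9:]*|:*|*:) return 2 ;;
    esac
    [ "$major" -eq 2 ] && [ "$minor" -ge 34 ] && [ "$minor" -le 43 ]
}

# hosts_uses_dns FILE -> 0 if the hosts line lists "dns" as a service.
# Assumption: any "dns" entry counts; comments and [action] items are ignored.
hosts_uses_dns() {
    sed -e 's/#.*//' "$1" |
    awk '/^[ \t]*hosts[ \t]*:/ {
             sub(/^[^:]*:/, "")
             gsub(/\[[^]]*\]/, " ")
             for (i = 1; i <= NF; i++) if ($i == "dns") found = 1
         }
         END { exit !found }'
}

# triage VERSION NSSWITCH_FILE -> prints one verdict word.
triage() {
    if ! glibc_in_affected_range "$1"; then
        echo "version-outside-range"
    elif hosts_uses_dns "$2"; then
        echo "version-in-range-dns-in-use"
    else
        echo "version-in-range-no-dns"
    fi
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
printf 'passwd: files\nhosts: files mdns4_minimal [NOTFOUND=return] dns # resolver\n' > "$sample"
triage "glibc 2.39" "$sample"
rm -f "$sample"
# Live use: triage "$(getconf GNU_LIBC_VERSION)" /etc/nsswitch.conf
```

A version inside the range is a prompt to check the vendor advisory under Related Identifiers, because distribution packages may carry the fix without changing the upstream version number.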

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2026:19061
CVE-2026-4437
ECHO-3C7D-5484-9E80
OPENSUSE-SU-2026:10662-1
OPENSUSE-SU-2026:20501-1
RHSA-2026:19061
RHSA-2026:7316
SUSE-SU-2026:1369-1
SUSE-SU-2026:21019-1
SUSE-SU-2026:21039-1
SUSE-SU-2026:21069-1
SUSE-SU-2026:21164-1

Affected Products

Gnu C Library