CVE-2026-4438

CVSS v3.1

5.4

Medium

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions GNU C library versions 2.34 through 2.43

Description The GNU C library’s gethostbyaddr and gethostbyaddr r functions, when used with a configured nsswitch.conf file specifying the library’s DNS backend, may return invalid DNS hostnames. This behavior violates the DNS specification.

Recommendations Update the GNU C library to a version later than 2.43.

Fix

RCE

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-88

Related Identifiers

CVE-2026-4438

Affected Products

Gnu C Library

CVE-2026-4438

Weakness Enumeration

Related Identifiers

Affected Products

References · 8