IM
IronMonkey Threat Research

CVE-2023-4527 MEDIUM

Published: 2023-09-18 | Last Modified: 2026-05-12 | Status: Modified

Description

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Additional Descriptions (1)

Se encontró una falla en glibc. Cuando se llama a la función getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema está configurado con el modo no-aaaa a través de /etc/resolv.conf, una respuesta DNS a través de TCP de más de 2048 bytes puede potencialmente revelar el contenido de la pila de memoria a través de los datos de la dirección devuelta por la función, y puede provocar un crash.

CVSS Metrics

Base Score: 6.5 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack VectorNETWORK
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.2

Impact Score: 4.2

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-121
[email protected] Primary
en CWE-125

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702bde167380> Application
gnu glibc * <built-in method update of dict object at 0x702ba6ed9640> Application
gnu glibc * <built-in method update of dict object at 0x702b83f2f900> Application
redhat codeready_linux_builder_eus 9.2 <built-in method update of dict object at 0x702b80adaf00> Application
redhat codeready_linux_builder_eus_for_power_little_endian 9.0_ppc64le <built-in method update of dict object at 0x702bde164980> Application
redhat codeready_linux_builder_eus_for_power_little_endian_eus 9.2_ppc64le <built-in method update of dict object at 0x702bde1662c0> Application
redhat codeready_linux_builder_for_arm64 9.0_aarch64 <built-in method update of dict object at 0x702bde164880> Application
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64 <built-in method update of dict object at 0x702bde165140> Application
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x <built-in method update of dict object at 0x702b83f2e000> Application
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x <built-in method update of dict object at 0x702bde166f00> Application
redhat enterprise_linux 8.0 <built-in method update of dict object at 0x702bdd7d41c0> Operating System
redhat enterprise_linux 9.0 <built-in method update of dict object at 0x702bde165100> Operating System
redhat enterprise_linux_eus 8.8 <built-in method update of dict object at 0x702b83f2edc0> Operating System
redhat enterprise_linux_eus 9.2 <built-in method update of dict object at 0x702b80ad9cc0> Operating System
redhat enterprise_linux_for_arm_64 9.0_aarch64 <built-in method update of dict object at 0x702ba6eda840> Operating System
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64 <built-in method update of dict object at 0x702b80ad9d40> Operating System
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x <built-in method update of dict object at 0x702bde164ac0> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x <built-in method update of dict object at 0x702bdd925740> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 9.2 <built-in method update of dict object at 0x702bdd7d7580> Operating System
redhat enterprise_linux_for_ibm_z_systems_s390x 9.2 <built-in method update of dict object at 0x702bdd129600> Operating System
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le <built-in method update of dict object at 0x702b80adaa00> Operating System
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le <built-in method update of dict object at 0x702ba6ed9f80> Operating System
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le <built-in method update of dict object at 0x702bde534640> Operating System
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le <built-in method update of dict object at 0x702bde166440> Operating System
redhat enterprise_linux_server_aus 9.2 <built-in method update of dict object at 0x702bdd129280> Operating System
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le <built-in method update of dict object at 0x702bde534c00> Operating System
redhat enterprise_linux_tus 8.8 <built-in method update of dict object at 0x702b83f2cdc0> Operating System
fedoraproject fedora 37 <built-in method update of dict object at 0x702b80ad9000> Operating System
fedoraproject fedora 38 <built-in method update of dict object at 0x702ba6ed8340> Operating System
fedoraproject fedora 39 <built-in method update of dict object at 0x702b80adb600> Operating System
netapp h300s_firmware - <built-in method update of dict object at 0x702bde5367c0> Operating System
netapp h500s_firmware - <built-in method update of dict object at 0x702bdd4afb00> Operating System
netapp h700s_firmware - <built-in method update of dict object at 0x702bdc9f7cc0> Operating System
netapp h410s_firmware - <built-in method update of dict object at 0x702bde537000> Operating System
netapp h410c_firmware - <built-in method update of dict object at 0x702bde535e00> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

References

Notification
Message here