IM
IronMonkey Threat Research

CVE-2023-4806 MEDIUM

Published: 2023-09-18 | Last Modified: 2026-07-14 | Status: Modified

Description

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Additional Descriptions (1)

Se encontró una falla en glibc. En una situación extremadamente rara, la función getaddrinfo puede acceder a la memoria que se ha liberado, lo que provoca un bloqueo de la aplicación. Este problema solo se puede explotar cuando un módulo NSS implementa solo los hooks _nss_*_gethostbyname2_r y _nss_*_getcanonname_r sin implementar el hook _nss_*_gethostbyname3_r. El nombre resuelto debe devolver una gran cantidad de direcciones IPv6 e IPv4, y la llamada a la función getaddrinfo debe tener la familia de direcciones AF_INET6 con AI_CANONNAME, AI_ALL y AI_V4MAPPED como indicadores.

CVSS Metrics

Base Score: 5.9 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.2

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-416
[email protected] Primary
en CWE-416

Affected Products

Vendor Product Version Update Type
gnu glibc 2.33 <built-in method update of dict object at 0x702bdc3f6740> Application
redhat codeready_linux_builder_eus 9.2 <built-in method update of dict object at 0x702bdd9bde40> Application
redhat codeready_linux_builder_eus_for_power_little_endian 9.0_ppc64le <built-in method update of dict object at 0x702bdc3f6040> Application
redhat codeready_linux_builder_eus_for_power_little_endian_eus 9.2_ppc64le <built-in method update of dict object at 0x702bdd9be200> Application
redhat codeready_linux_builder_for_arm64 9.0_aarch64 <built-in method update of dict object at 0x702bdc3f62c0> Application
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64 <built-in method update of dict object at 0x702bdd9bcfc0> Application
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x <built-in method update of dict object at 0x702bdd9bd640> Application
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x <built-in method update of dict object at 0x702bdd9bf2c0> Application
redhat enterprise_linux 7.0 <built-in method update of dict object at 0x702bdd9bc1c0> Operating System
redhat enterprise_linux 8.0 <built-in method update of dict object at 0x702bdd9bc240> Operating System
redhat enterprise_linux 9.0 <built-in method update of dict object at 0x702bdd6afec0> Operating System
redhat enterprise_linux_eus 8.8 <built-in method update of dict object at 0x702bdd9bd840> Operating System
redhat enterprise_linux_eus 9.2 <built-in method update of dict object at 0x702bdc3f6480> Operating System
redhat enterprise_linux_for_arm_64 9.0_aarch64 <built-in method update of dict object at 0x702bdd9be340> Operating System
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64 <built-in method update of dict object at 0x702bdd9bef40> Operating System
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x <built-in method update of dict object at 0x702bdd9bf780> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x <built-in method update of dict object at 0x702bdd9bc9c0> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 9.2 <built-in method update of dict object at 0x702bdd9bec00> Operating System
redhat enterprise_linux_for_ibm_z_systems_s390x 9.2 <built-in method update of dict object at 0x702bdd9bf700> Operating System
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le <built-in method update of dict object at 0x702bdd9be480> Operating System
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le <built-in method update of dict object at 0x702bdd9bde80> Operating System
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le <built-in method update of dict object at 0x702bdd9be880> Operating System
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le <built-in method update of dict object at 0x702b50165d00> Operating System
redhat enterprise_linux_server_aus 9.2 <built-in method update of dict object at 0x702bdd9bc2c0> Operating System
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le <built-in method update of dict object at 0x702bdd9bff40> Operating System
redhat enterprise_linux_tus 8.8 <built-in method update of dict object at 0x702bdc3f7a80> Operating System
fedoraproject fedora 37 <built-in method update of dict object at 0x702bdd9bcc40> Operating System
fedoraproject fedora 38 <built-in method update of dict object at 0x702bdc3f4a00> Operating System
fedoraproject fedora 39 <built-in method update of dict object at 0x702b50165cc0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

References

Notification
Message here