A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
Se encontró una falla en glibc. En una situación extremadamente rara, la función getaddrinfo puede acceder a la memoria que se ha liberado, lo que provoca un bloqueo de la aplicación. Este problema solo se puede explotar cuando un módulo NSS implementa solo los hooks _nss_*_gethostbyname2_r y _nss_*_getcanonname_r sin implementar el hook _nss_*_gethostbyname3_r. El nombre resuelto debe devolver una gran cantidad de direcciones IPv6 e IPv4, y la llamada a la función getaddrinfo debe tener la familia de direcciones AF_INET6 con AI_CANONNAME, AI_ALL y AI_V4MAPPED como indicadores.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-416
|
| [email protected] | Primary |
en
CWE-416
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnu | glibc | 2.33 | <built-in method update of dict object at 0x702bdc3f6740> | Application |
| redhat | codeready_linux_builder_eus | 9.2 | <built-in method update of dict object at 0x702bdd9bde40> | Application |
| redhat | codeready_linux_builder_eus_for_power_little_endian | 9.0_ppc64le | <built-in method update of dict object at 0x702bdc3f6040> | Application |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.2_ppc64le | <built-in method update of dict object at 0x702bdd9be200> | Application |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 | <built-in method update of dict object at 0x702bdc3f62c0> | Application |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 | <built-in method update of dict object at 0x702bdd9bcfc0> | Application |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | <built-in method update of dict object at 0x702bdd9bd640> | Application |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x | <built-in method update of dict object at 0x702bdd9bf2c0> | Application |
| redhat | enterprise_linux | 7.0 | <built-in method update of dict object at 0x702bdd9bc1c0> | Operating System |
| redhat | enterprise_linux | 8.0 | <built-in method update of dict object at 0x702bdd9bc240> | Operating System |
| redhat | enterprise_linux | 9.0 | <built-in method update of dict object at 0x702bdd6afec0> | Operating System |
| redhat | enterprise_linux_eus | 8.8 | <built-in method update of dict object at 0x702bdd9bd840> | Operating System |
| redhat | enterprise_linux_eus | 9.2 | <built-in method update of dict object at 0x702bdc3f6480> | Operating System |
| redhat | enterprise_linux_for_arm_64 | 9.0_aarch64 | <built-in method update of dict object at 0x702bdd9be340> | Operating System |
| redhat | enterprise_linux_for_arm_64_eus | 9.2_aarch64 | <built-in method update of dict object at 0x702bdd9bef40> | Operating System |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | <built-in method update of dict object at 0x702bdd9bf780> | Operating System |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x | <built-in method update of dict object at 0x702bdd9bc9c0> | Operating System |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 9.2 | <built-in method update of dict object at 0x702bdd9bec00> | Operating System |
| redhat | enterprise_linux_for_ibm_z_systems_s390x | 9.2 | <built-in method update of dict object at 0x702bdd9bf700> | Operating System |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | <built-in method update of dict object at 0x702bdd9be480> | Operating System |
| redhat | enterprise_linux_for_power_little_endian | 9.2_ppc64le | <built-in method update of dict object at 0x702bdd9bde80> | Operating System |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le | <built-in method update of dict object at 0x702bdd9be880> | Operating System |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le | <built-in method update of dict object at 0x702b50165d00> | Operating System |
| redhat | enterprise_linux_server_aus | 9.2 | <built-in method update of dict object at 0x702bdd9bc2c0> | Operating System |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le | <built-in method update of dict object at 0x702bdd9bff40> | Operating System |
| redhat | enterprise_linux_tus | 8.8 | <built-in method update of dict object at 0x702bdc3f7a80> | Operating System |
| fedoraproject | fedora | 37 | <built-in method update of dict object at 0x702bdd9bcc40> | Operating System |
| fedoraproject | fedora | 38 | <built-in method update of dict object at 0x702bdc3f4a00> | Operating System |
| fedoraproject | fedora | 39 | <built-in method update of dict object at 0x702b50165cc0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |