IM
IronMonkey Threat Research

CVE-2026-4438 MEDIUM

Published: 2026-03-20 | Last Modified: 2026-07-14 | Status: Modified

Description

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Additional Descriptions (1)

Llamar a gethostbyaddr o gethostbyaddr_r con un nsswitch.conf configurado que especifica el backend DNS de la biblioteca en la biblioteca GNU C versión 2.34 a la versión 2.43 podría resultar en que se devuelva un nombre de host DNS no válido al llamador en violación de la especificación DNS.

CVSS Metrics

Base Score: 5.4 (MEDIUM)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack VectorADJACENT_NETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactLOW
Availability ImpactNONE

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 2.8

Impact Score: 2.5

Weaknesses

Source Type Description
3ff69d7a-14f2-4f67-a097-88dee7810d18 Secondary
en CWE-20
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-88

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702bdcdbd900> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

References

Notification
Message here