Glibc: potential use-after-free in getaddrinfo()
CVE-2023-4806

5.9MEDIUM

Key Information:

Vendor
Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat Enterprise Linux 9
Red Hat Virtualization 4 For Red Hat Enterprise Linux 8
Vendor
CVE Published:
18 September 2023

Summary

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Affected Version(s)

Red Hat Enterprise Linux 8 0:2.28-225.el8_8.6

Red Hat Enterprise Linux 8 0:2.28-225.el8_8.6

Red Hat Enterprise Linux 8.6 Extended Update Support 0:2.28-189.8.el8_6

References

https://access.redhat.com/errata/RHSA-2023:5453
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5455
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7409
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Siddhesh Poyarekar (Red Hat).
.