Glibc: potential use-after-free in gaih_inet()
CVE-2023-4813

5.9MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat Enterprise Linux 9
Red Hat Virtualization 4 For Red Hat Enterprise Linux 8
Vendor
CVE Published:
12 September 2023

Badges

đź“° News Worthy

What is CVE-2023-4813?

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Affected Version(s)

Red Hat Enterprise Linux 8 0:2.28-225.el8_8.6

Red Hat Enterprise Linux 8 0:2.28-225.el8_8.6

Red Hat Enterprise Linux 8.6 Extended Update Support 0:2.28-189.8.el8_6

News Articles

favicon imagewww.cve.news

glibc - CVE CyberSecurity Database News

CVE CyberSecurity Database News - Latest cybersecurity news and CVE details Sign...

References

https://access.redhat.com/errata/RHBA-2024:2413
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5453
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5455
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by www.cve.news

  • Vulnerability published

  • Vulnerability Reserved

.