Glibc: potential use-after-free in gaih_inet()

CVE-2023-4813

5.9MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.6 Extended Update Support; Red Hat Enterprise Linux 9; Red Hat Virtualization 4 For Red Hat Enterprise Linux 8
Vendor: CVE Published:; 12 September 2023

Badges

📰 News Worthy

Summary

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Affected Version(s)

Red Hat Enterprise Linux 8 <= 0:2.28-225.el8_8.6

Red Hat Enterprise Linux 8 <= 0:2.28-225.el8_8.6

Red Hat Enterprise Linux 8.6 Extended Update Support <= 0:2.28-189.8.el8_6

News Articles

CVE-2023-4813 CVE-2024-2961

glibc - CVE CyberSecurity Database News

CVE CyberSecurity Database News - Latest cybersecurity news and CVE details Sign...

8 months ago

thmubnail image

Refferences

https://access.redhat.com/errata/RHSA-2023:5453

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:5455

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:7409

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-4813

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2237798

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by www.cve.news
Apr 23, 2024
Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Sep 7, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)

.