Memory Leak Vulnerability in GNU C Library Affecting DNS Resolution
CVE-2026-0915

Currently unrated

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 15 January 2026

🔔 Create The Gnu C Library Vulnerability Alert

What is CVE-2026-0915?

A memory leak vulnerability exists in the GNU C Library that may expose stack contents to a configured DNS resolver. This occurs when the functions getnetbyaddr or getnetbyaddr_r are called, and the nsswitch.conf configuration specifies the use of the library's DNS backend for querying networks with a zero-valued address. The potential exposure of sensitive information to external DNS resolvers raises significant security concerns.

Affected Version(s)

glibc 2.0 <= 2.42

References

https://sourceware.org/bugzilla/show_bug.cgi?id=33802

Timeline

Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Jan 13, 2026

Credit

Igor Morgenstern, Aisle Research

JSON