CVE-2023-4813
Published: 2023-09-12
Severity: medium, 5.9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
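The configuration precondition above can be checked on a host by parsing the `hosts` line of `/etc/nsswitch.conf`. The following is an added example, not part of the advisory or of glibc; the function names and sample configurations are constructed for illustration. It assumes the bracketed `[STATUS=ACTION]` syntax documented in nsswitch.conf(5), including `!` negation.

```python
import re
import sys

# SUCCESS actions the advisory names as the precondition for the flaw.
RISKY = {"continue", "merge"}
CRITERION = re.compile(r"(!?)\s*([A-Za-z]+)\s*=\s*([A-Za-z]+)")

def success_action(bracket):
    """Effective SUCCESS action of one [..] group (documented default: return)."""
    action = "return"
    for neg, status, act in CRITERION.findall(bracket):
        # "!STATUS=act" applies act to every status except STATUS.
        hits_success = (status.upper() != "SUCCESS") if neg else (status.upper() == "SUCCESS")
        if hits_success:
            action = act.lower()  # this check lets a later criterion override an earlier one
    return action

def risky_hosts_entries(nsswitch_text):
    """Return [(service, action)] where a hosts service continues or merges on SUCCESS."""
    findings = []
    for raw in nsswitch_text.splitlines():
        name, sep, rest = raw.split("#", 1)[0].partition(":")
        if not sep or name.strip() != "hosts":
            continue
        service = None
        for token in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", rest):
            if not token.startswith("["):
                service = token
            elif service and success_action(token) in RISKY:
                findings.append((service, success_action(token)))
    return findings

# Constructed sample configurations (not taken from any real host).
SAMPLE_DEFAULT = "passwd: files\nhosts: files dns\n"
SAMPLE_RISKY = (
    "# hosts: files [SUCCESS=merge] dns   (commented out, ignored)\n"
    "hosts: files [SUCCESS=continue] mdns4_minimal [NOTFOUND=return] "
    "ldap [!UNAVAIL=merge] dns\n"
)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/nsswitch.conf"
    with open(path, encoding="utf-8") as fh:
        hits = risky_hosts_entries(fh.read())
    for service, action in hits:
        print(f"{path}: hosts service '{service}' has SUCCESS={action}")
    sys.exit(1 if hits else 0)
```

A non-empty result means the host meets the configuration condition in the description; whether the installed glibc is a fixed version is a separate check against the table below.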
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.36-3 (bookworm) | glibc 2.36-3 (bookworm) |
| fedoraproject | fedora | — | — |
| gnu | glibc | < 2.36 | 2.36 |
| gnu | glibc | >= 0 < 2.36-3 | 2.36-3 |
| gnu | glibc | >= 0 < 2.36-3 | 2.36-3 |
| gnu | glibc | >= 0 < 2.36-3 | 2.36-3 |
| gnu | glibc | >= 0 < 2.31-0ubuntu9.14 | 2.31-0ubuntu9.14 |
| gnu | glibc | >= 0 < 2.35-0ubuntu3.6 | 2.35-0ubuntu3.6 |
| gnu | glibc | >= 0 < 2.35-0ubuntu3.5 | 2.35-0ubuntu3.5 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm5 | 2.23-0ubuntu11.3+esm5 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.6+esm1 | 2.27-3ubuntu1.6+esm1 |
| msrc | cbl2_glibc_2.35-7_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | — | — |
| redhat | enterprise_linux_for_ibm_z_systems_s390x | — | — |
| redhat | enterprise_linux_for_power_little_endian | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
CVSS provenance
nvd: v3.1, 5.9 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 5.9 MEDIUM