CVE-2023-5156

CWE-401Memory Leak9 documents8 sources
Severity
7.5HIGH
EPSS
0.1%
top 81.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU GlibcRedhat Enterprise Linux
Timeline
PublishedSep 25
Latest updateDec 7

Description

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgnu/glibc2.342.39
Debianglibc< 2.37-11+1

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.comPatch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

4
OSV
glibc vulnerabilities2023-12-07
GHSA
GHSA-m7p3-g2hx-xfc3: A flaw was found in the GNU C Library2023-09-25
OSV
CVE-2023-5156: A flaw was found in the GNU C Library2023-09-25
CVEList
Glibc: dos due to memory leak in getaddrinfo.c2023-09-25

📋Vendor Advisories

4
Ubuntu
GNU C Library vulnerabilities2023-12-07
Red Hat
glibc: DoS due to memory leak in getaddrinfo.c2023-09-25
Microsoft
Glibc: dos due to memory leak in getaddrinfo.c2023-09-12
Debian
CVE-2023-5156: glibc - A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced...2023
CVE-2023-5156 (HIGH CVSS 7.5) | A flaw was found in the GNU C Libra | cvebase.io