CVE-2026-0915
published 2026-01-15

CVE-2026-0915: Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued…

Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.42-8 (forky) | glibc 2.42-8 (forky) |
| gnu | glibc | >= 0 < 2.41-12+deb13u2 | 2.41-12+deb13u2 |
| gnu | glibc | >= 0 < 2.42-8 | 2.42-8 |
| gnu | glibc | >= 0 < 2.35-0ubuntu3.13 | 2.35-0ubuntu3.13 |
| gnu | glibc | >= 0 < 2.39-0ubuntu8.7 | 2.39-0ubuntu8.7 |
| gnu | glibc | >= 0 < 2.42-0ubuntu3.1 | 2.42-0ubuntu3.1 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm9 | 2.23-0ubuntu11.3+esm9 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.6+esm6 | 2.27-3ubuntu1.6+esm6 |
| gnu | glibc | >= 0 < 2.31-0ubuntu9.18+esm1 | 2.31-0ubuntu9.18+esm1 |
| gnu | glibc | 2.0 – 2.42 | |
| the_gnu_c_library | glibc | 2.0 – 2.42 | |

CVSS provenance

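| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | | 7.5 | HIGH | |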