CVE-2026-4437
Published: 2026-03-20
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.42-14 (forky) | glibc 2.42-14 (forky) |
| gnu | glibc | >= 0 < 2.42-14 | 2.42-14 |
| gnu | glibc | 2.34 – 2.43 | — |
| msrc | azl3_glibc_2.38-18_on_azure_linux_3.0 | — | — |
| msrc | cbl2_glibc_2.35-10_on_cbl_mariner_2.0 | — | — |
| the_gnu_c_library | glibc | 2.34 – 2.43 | — |
CVSS provenance
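| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |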