« List of all CVEs

CVE-2023-4806

Glibc: potential use-after-free in getaddrinfo()

Published: 9/18/2023 Last updated: 11/20/2025 Reserved: 9/6/2023

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 5.9 Medium CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

gettext-stub

Products affected (17)

Product Vendor Version
Red Hat Enterprise Linux 7 Red Hat Android-11
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat firmware version prior to V3.10
Red Hat Enterprise Linux 9 Red Hat all versions
Red Hat Enterprise Linux 9 Red Hat before version 5.0.1
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 6 Red Hat all versions
Red Hat Enterprise Linux 7 Red Hat Prior to 6.10.0, 6.9.6 and 6.8.9
Red Hat Enterprise Linux 8 Red Hat < 485d65e1357123a697c591a5aeb773994b247ad7
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Android-8.1
Red Hat Enterprise Linux 9 Red Hat 74dd45122b84479eee50bd0956ae8bc5799c9f8a
Red Hat Enterprise Linux 9 Red Hat Android-10
Red Hat Enterprise Linux 9 Red Hat < 2307201242
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat e801f81cee3c8901f52ee48c6329802b28fbb49c
Red Hat Enterprise Linux 6 Red Hat Linux kernel through 3.1
Red Hat Enterprise Linux 8 Red Hat firmware version prior to V2.90
Red Hat Enterprise Linux 7 Red Hat d73d81447c6651904dd4a9e3fd88651ff174c1b7

References (40)

Credits (2)