A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response received over TCP that is larger than 2048 bytes can potentially disclose stack contents through the address data the function returns, and may cause a crash.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | glibc | < 2.36-9+deb12u3 | glibc_2.36-9+deb12u3_all.deb |
Debian | 11 | all | glibc | < 2.31-13+deb11u8 | glibc_2.31-13+deb11u8_all.deb |
Debian | 10 | all | glibc | < 2.28-10+deb10u1 | glibc_2.28-10+deb10u1_all.deb |
Debian | 999 | all | glibc | < 2.37-9 | glibc_2.37-9_all.deb |
Debian | 13 | all | glibc | < 2.37-9 | glibc_2.37-9_all.deb |
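
The two conditions in the description (no-aaaa enabled in /etc/resolv.conf and a glibc older than the version in the table) can be checked on a host with the script below. It is an added example, not part of the advisory; the function names and the binary package name libc6 are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): host exposure check.
# Assumption: the installed binary package is named libc6.

# Succeeds if the resolv.conf file $1 enables no-aaaa on an "options" line.
# Keywords must start the line; lines starting with '#' or ';' are comments.
has_no_aaaa() {
    [ -r "$1" ] || return 1
    awk '/^options[ \t]/ { for (i = 2; i <= NF; i++) if ($i == "no-aaaa") hit = 1 }
         END { exit !hit }' "$1"
}

# Prints the fixed glibc version for Debian release $1 (values from the table).
fixed_version() {
    case "$1" in
        10) echo "2.28-10+deb10u1" ;;
        11) echo "2.31-13+deb11u8" ;;
        12) echo "2.36-9+deb12u3" ;;
        13) echo "2.37-9" ;;
        *)  return 1 ;;
    esac
}

# Prints one verdict line for resolv.conf path $1, Debian release $2 and
# installed version $3; ordering is delegated to dpkg --compare-versions.
verdict() {
    if ! has_no_aaaa "$1"; then
        echo "not exposed: no-aaaa is not set in $1"; return 0
    fi
    fix=$(fixed_version "$2") || { echo "unknown: release '$2' is not in the table"; return 0; }
    if [ -z "$3" ] || ! command -v dpkg >/dev/null 2>&1; then
        echo "unknown: no-aaaa is set; compare the installed glibc with $fix by hand"
    elif dpkg --compare-versions "$3" lt "$fix"; then
        echo "exposed: no-aaaa is set and glibc $3 is older than $fix"
    else
        echo "patched: no-aaaa is set but glibc $3 is at or above $fix"
    fi
}

# Gather local facts and report; every path returns 0, so it is safe in cron or CI.
release=$( [ -r /etc/os-release ] && . /etc/os-release; echo "${VERSION_ID:-}" )
installed=$(dpkg-query -W -f='${Version}' libc6 2>/dev/null || true)
verdict /etc/resolv.conf "$release" "$installed"
```

The script reads only /etc/resolv.conf, as the advisory describes, and reports `unknown` rather than guessing when dpkg or the release number is unavailable.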