Lucene search

[email protected]NVD:CVE-2023-4527

HistorySep 18, 2023 - 5:15 p.m.

CVE-2023-4527

2023-09-1817:15:55

CWE-125

CWE-121

[email protected]

web.nvd.nist.gov

glibc

getaddrinfo

af_unspec

no-aaaa mode

dns response

tcp

stack contents

crash

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Affected configurations

NVD

Node

gnuglibcRange<2.39

Node

redhatcodeready_linux_builder_eusMatch9.2

redhatcodeready_linux_builder_eus_for_power_little_endianMatch9.0_ppc64le

redhatcodeready_linux_builder_eus_for_power_little_endian_eusMatch9.2_ppc64le

redhatcodeready_linux_builder_for_arm64Match9.0_aarch64

redhatcodeready_linux_builder_for_arm64_eusMatch9.2_aarch64

redhatcodeready_linux_builder_for_ibm_z_systemsMatch9.0_s390x

redhatcodeready_linux_builder_for_ibm_z_systems_eusMatch9.2_s390x

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_eusMatch8.8

redhatenterprise_linux_eusMatch9.2

redhatenterprise_linux_for_arm_64Match9.0_aarch64

redhatenterprise_linux_for_arm_64_eusMatch9.2_aarch64

redhatenterprise_linux_for_ibm_z_systemsMatch8.0_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.8_s390x

redhatenterprise_linux_for_ibm_z_systems_eus_s390xMatch9.2

redhatenterprise_linux_for_ibm_z_systems_s390xMatch9.2

redhatenterprise_linux_for_power_little_endianMatch8.0_ppc64le

redhatenterprise_linux_for_power_little_endianMatch9.2_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch8.8_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch9.2_ppc64le

redhatenterprise_linux_server_ausMatch9.2

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch9.2_ppc64le

redhatenterprise_linux_tusMatch8.8

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph410sMatch-

AND

netapph410s_firmwareMatch-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

References

www.openwall.com/lists/oss-security/2023/09/25/1

access.redhat.com/errata/RHSA-2023:5453

access.redhat.com/errata/RHSA-2023:5455

access.redhat.com/security/cve/CVE-2023-4527

bugzilla.redhat.com/show_bug.cgi?id=2234712

lists.fedoraproject.org/archives/list/[email protected]/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/

lists.fedoraproject.org/archives/list/[email protected]/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/

lists.fedoraproject.org/archives/list/[email protected]/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/

security.gentoo.org/glsa/202310-03

security.netapp.com/advisory/ntap-20231116-0012/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Related for NVD:CVE-2023-4527

redhatcve1 ubuntucve1 cvelist1 cve1 osv5 ibm9 wolfi1 prion1 cgr1 debiancve1 openvas6 nessus19 ubuntu1 cloudfoundry1 mageia1 debian1 fedora3 oraclelinux4 rocky1 almalinux2 redhat63 rosalinux1 gentoo1 photon1 oracle1 ics1