CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.2 High
Confidence: High
CVSS2: 4.3 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
EPSS: 0.016 Low
Percentile: 87.2%
Software: glibc 2.28
OS: ROSA Virtualization 2.1
package_evr_string: glibc-2.28-225.rv3.src.rpm
CVE-ID: CVE-2023-4527
BDU-ID: 2023-06332
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the getaddrinfo function of the glibc system library is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the yum update glibc command
CVE-ID: CVE-2023-4813
BDU-ID: 2023-05969
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the nsswitch.conf component of glibc, the library that provides system calls and basic functions, is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close the vulnerability, run the yum update glibc command
CVE-ID: CVE-2023-4806
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A flaw has been found in glibc. In an extremely rare situation, the getaddrinfo function may access freed memory, causing the application to crash. This issue can only be exploited if the NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name must return a large number of IPv6 and IPv4 addresses, and the getaddrinfo call must use the AF_INET6 address family with the flags AI_CANONNAME, AI_ALL and AI_V4MAPPED.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the yum update glibc command
CVE-ID: CVE-2023-4911
BDU-ID: 2023-06269
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in ld.so, the dynamic loader of the glibc library, is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges by running binaries with SUID permissions and setting the GLIBC_TUNABLES environment variable.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the yum update glibc command