ROS-20260505-73-0081

A vulnerability in the getnetbyaddr and getnetbyaddrr functions of the GNU C Library is related to the use of an uninitialized resource. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

CLSA-2026-1772114900 glibc: Fix of CVE-2026-0915

CVE-2026-0915: fix leak of stack contents to configured DNS resolver when resolving a zero-valued network via getnetbyaddr/getnetbyaddrr with DNS NSS backend; sanitize network value and avoid passing uninitialized stack data to resolver...

getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

...

CVE-2026-0915

A flaw was found in glibc, the GNU C Library. When an application calls the getnetbyaddr or getnetbyaddrr functions to resolve a network address, and the system's nsswitch.conf file is configured to use a DNS Domain Name System backend for network lookups, a query for a zero-valued network can le...

CVE-2026-0915

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

GNU C Library security vulnerabilities

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions 2.0 through 2.42 of the GNU C Library contained security vulnerabilities. These vulnerabilities occurred when using the nsswitch.conf configuration with a DNS...