Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-4806
HistorySep 18, 2023 - 12:00 a.m.

CVE-2023-4806

2023-09-1800:00:00
ubuntu.com
ubuntu.com
35
glibc
getaddrinfo
memory access
application crash
nss module
ipv6
ipv4
af_inet6
ai_canonname
ai_all
ai_v4mapped

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo
function may access memory that has been freed, resulting in an application
crash. This issue is only exploitable when a NSS module implements only the
nss_gethostbyname2_r and nss_getcanonname_r hooks without
implementing the nss*_gethostbyname3_r hook. The resolved name should
return a large number of IPv6 and IPv4, and the call to the getaddrinfo
function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL
and AI_V4MAPPED as flags.

Bugs

Notes

Author Note
Priority reason: No known NSS modules expose the vulnerability
mdeslaur This is only an issue when using an NSS module with a very specific behaviour. There are no known NSS modules which are implemented this way. The fix for this issue introduced a leak, identified as CVE-2023-5156 which was later fixed with a subsequent commit. Older releases require backporting a dozen refactoring commits.
ccdm94 One of the refactoring commits needed to fix this issue is also the fix for CVE-2023-4813.
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarcheglibc< anyUNKNOWN
ubuntu18.04noarchglibc< 2.27-3ubuntu1.6+esm1UNKNOWN
ubuntu20.04noarchglibc< 2.31-0ubuntu9.14UNKNOWN
ubuntu22.04noarchglibc< 2.35-0ubuntu3.5UNKNOWN
ubuntu23.04noarchglibc< 2.37-0ubuntu2.2UNKNOWN
ubuntu23.10noarchglibc< 2.38-1ubuntu5UNKNOWN
ubuntu24.04noarchglibc< 2.38-1ubuntu5UNKNOWN
ubuntu16.04noarchglibc< 2.23-0ubuntu11.3+esm5UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%