Vulnerability CVE-2023-4527: Information

Description

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-4527
Published: Sept. 18, 2023
Modified: Dec. 28, 2023
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus_riscv642.38.0.44.d37c2b20a4-alt12.38.0.44.d37c2b20a4-alt1ALT-PU-2024-2632-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2234712
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4527
  • Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/25/1
  • Mailing List
https://security.gentoo.org/glsa/202310-03
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
  • Mailing List
https://access.redhat.com/errata/RHSA-2023:5453
  • Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20231116-0012/
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
      End excliding
      2.39

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

      Configuration 7

      cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

      Configuration 8

      cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top