CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

History

16 Sep 2024, 14:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/09/25/1', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.gentoo.org/glsa/202310-03', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20231116-0012/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

28 Dec 2023, 16:23

Type Values Removed Values Added
First Time Netapp
Netapp h410c Firmware
Netapp h410c
Netapp h700s Firmware
Netapp h300s
Netapp h500s Firmware
Netapp h700s
Netapp h410s
Netapp h500s
Netapp h300s Firmware
Netapp h410s Firmware
CPE cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
References () https://security.netapp.com/advisory/ntap-20231116-0012/ - () https://security.netapp.com/advisory/ntap-20231116-0012/ - Third Party Advisory

16 Nov 2023, 16:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231116-0012/ -

26 Oct 2023, 18:00

Type Values Removed Values Added
References (MISC) http://www.openwall.com/lists/oss-security/2023/09/25/1 - (MISC) http://www.openwall.com/lists/oss-security/2023/09/25/1 - Mailing List
References (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ - Mailing List
References (MISC) https://security.gentoo.org/glsa/202310-03 - (MISC) https://security.gentoo.org/glsa/202310-03 - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ - Mailing List
References (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ - Mailing List
CPE cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
First Time Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat codeready Linux Builder For Arm64 Eus
Redhat codeready Linux Builder Eus For Power Little Endian
Redhat enterprise Linux For Ibm Z Systems S390x
Redhat enterprise Linux For Ibm Z Systems Eus S390x
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux For Arm 64 Eus
Redhat codeready Linux Builder For Arm64
Redhat codeready Linux Builder Eus For Power Little Endian Eus
Redhat codeready Linux Builder For Ibm Z Systems
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Tus
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64
Fedoraproject fedora
Fedoraproject
Redhat enterprise Linux Server Aus
Redhat codeready Linux Builder Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus

05 Oct 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5453 -
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5455 -

04 Oct 2023, 19:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ -

04 Oct 2023, 10:15

Type Values Removed Values Added
References
  • (MISC) https://security.gentoo.org/glsa/202310-03 -

25 Sep 2023, 12:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/09/25/1 -

22 Sep 2023, 17:52

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 6.5

21 Sep 2023, 17:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.2
CWE CWE-125
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
First Time Gnu glibc
Redhat
Redhat enterprise Linux
Gnu
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4527 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4527 - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2234712 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2234712 - Exploit, Issue Tracking, Third Party Advisory

18 Sep 2023, 18:23

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-18 17:15

Updated : 2024-09-16 14:15


NVD link : CVE-2023-4527

Mitre link : CVE-2023-4527

CVE.ORG link : CVE-2023-4527


JSON object : View

Products Affected

redhat

  • codeready_linux_builder_for_ibm_z_systems
  • codeready_linux_builder_eus_for_power_little_endian_eus
  • enterprise_linux_server_aus
  • enterprise_linux_tus
  • enterprise_linux
  • codeready_linux_builder_eus_for_power_little_endian
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_ibm_z_systems_s390x
  • codeready_linux_builder_eus
  • enterprise_linux_eus
  • codeready_linux_builder_for_arm64
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_ibm_z_systems_eus_s390x
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_for_arm_64
  • codeready_linux_builder_for_ibm_z_systems_eus
  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_for_power_little_endian_eus
  • codeready_linux_builder_for_arm64_eus
  • enterprise_linux_for_ibm_z_systems_eus

netapp

  • h300s_firmware
  • h700s
  • h500s_firmware
  • h410c
  • h300s
  • h410c_firmware
  • h700s_firmware
  • h410s
  • h500s
  • h410s_firmware

gnu

  • glibc

fedoraproject

  • fedora
CWE
CWE-125

Out-of-bounds Read

CWE-121

Stack-based Buffer Overflow