CVE-2023-4806

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4806
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2023:5453 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7409
https://access.redhat.com/security/cve/CVE-2023-4806 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2237782 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
History

16 Sep 2024, 14:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/10/03/4', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/10/03/5', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/10/03/6', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/10/03/8', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.gentoo.org/glsa/202310-03', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240125-0008/', 'source': 'secalert@redhat.com'}

25 Jan 2024, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240125-0008/ -

21 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7409 -

26 Oct 2023, 17:59

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
References (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - Mailing List
References (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory
References (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/4 - (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/4 - Mailing List
References (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/6 - (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/6 - Mailing List
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ - Mailing List
References (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/5 - (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/5 - Mailing List
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ - Mailing List
References (MISC) https://security.gentoo.org/glsa/202310-03 - (MISC) https://security.gentoo.org/glsa/202310-03 - Third Party Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ - Mailing List
First Time Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat codeready Linux Builder For Arm64 Eus
Redhat codeready Linux Builder Eus For Power Little Endian
Redhat enterprise Linux For Ibm Z Systems S390x
Redhat enterprise Linux For Ibm Z Systems Eus S390x
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux For Arm 64 Eus
Redhat codeready Linux Builder For Arm64
Redhat codeready Linux Builder Eus For Power Little Endian Eus
Redhat codeready Linux Builder For Ibm Z Systems
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Tus
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64
Fedoraproject fedora
Fedoraproject
Redhat enterprise Linux Server Aus
Redhat codeready Linux Builder Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus

05 Oct 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5453 -
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5455 -

04 Oct 2023, 19:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ -

04 Oct 2023, 10:15

Type Values Removed Values Added
References
  • (MISC) https://security.gentoo.org/glsa/202310-03 -

04 Oct 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/6 -
  • (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 -

03 Oct 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/5 -
  • (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/4 -

26 Sep 2023, 19:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 5.9

22 Sep 2023, 13:44

Type Values Removed Values Added
First Time Gnu glibc
Redhat
Redhat enterprise Linux
Gnu
CWE CWE-416
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237782 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237782 - Issue Tracking, Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4806 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4806 - Third Party Advisory
CPE cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

18 Sep 2023, 18:23

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-18 17:15

Updated : 2024-09-16 14:15

NVD link : CVE-2023-4806

Mitre link : CVE-2023-4806

CVE.ORG link : CVE-2023-4806

JSON object : View

Products Affected

redhat

  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_tus
  • codeready_linux_builder_for_arm64_eus
  • enterprise_linux_for_arm_64
  • codeready_linux_builder_for_ibm_z_systems
  • enterprise_linux_for_ibm_z_systems_s390x
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • codeready_linux_builder_eus_for_power_little_endian
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_server_aus
  • codeready_linux_builder_eus_for_power_little_endian_eus
  • enterprise_linux_for_ibm_z_systems_eus_s390x
  • codeready_linux_builder_for_arm64
  • codeready_linux_builder_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • codeready_linux_builder_eus
  • enterprise_linux_eus

gnu

  • glibc

fedoraproject

  • fedora
CWE
CWE-416

Use After Free