CVE-2023-4813

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

History

16 Sep 2024, 14:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/10/03/8', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20231110-0003/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

21 Jan 2024, 01:49

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
First Time Netapp
Netapp h410c Firmware
Netapp h410c
Netapp h700s Firmware
Netapp h300s
Netapp active Iq Unified Manager
Netapp h500s Firmware
Netapp h700s
Netapp h410s
Netapp h500s
Netapp h300s Firmware
Netapp h410s Firmware
References () https://access.redhat.com/errata/RHSA-2023:7409 - () https://access.redhat.com/errata/RHSA-2023:7409 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20231110-0003/ - () https://security.netapp.com/advisory/ntap-20231110-0003/ - Third Party Advisory

21 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7409 -

10 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231110-0003/ -

13 Oct 2023, 01:18

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
References (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory
References (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - Mailing List, Third Party Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory
First Time Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Ibm Z Systems S390x
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For Ibm Z Systems Eus S390x

05 Oct 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5453 -
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5455 -

04 Oct 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 -

20 Sep 2023, 19:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 5.9

18 Sep 2023, 14:07

Type Values Removed Values Added
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4813 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4813 - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237798 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237798 - Issue Tracking, Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-416
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
First Time Gnu glibc
Redhat
Gnu
Fedoraproject
Fedoraproject fedora
Redhat enterprise Linux

12 Sep 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-12 22:15

Updated : 2024-09-16 14:15


NVD link : CVE-2023-4813

Mitre link : CVE-2023-4813

CVE.ORG link : CVE-2023-4813


JSON object : View

Products Affected

netapp

  • h300s_firmware
  • h700s
  • h500s_firmware
  • active_iq_unified_manager
  • h410c
  • h300s
  • h410c_firmware
  • h700s_firmware
  • h410s
  • h500s
  • h410s_firmware

redhat

  • enterprise_linux_server_tus
  • enterprise_linux_server_aus
  • enterprise_linux
  • enterprise_linux_for_ibm_z_systems_s390x
  • enterprise_linux_eus
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_ibm_z_systems_eus_s390x
  • enterprise_linux_for_power_little_endian_eus

gnu

  • glibc

fedoraproject

  • fedora
CWE
CWE-416

Use After Free