CVE-2023-4813

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4813
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2023:5453 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7409 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4813 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2237798 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
History

16 Sep 2024, 14:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/10/03/8', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20231110-0003/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

21 Jan 2024, 01:49

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
References () https://access.redhat.com/errata/RHSA-2023:7409 - () https://access.redhat.com/errata/RHSA-2023:7409 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20231110-0003/ - () https://security.netapp.com/advisory/ntap-20231110-0003/ - Third Party Advisory
First Time Netapp
Netapp h410c Firmware
Netapp h410c
Netapp h700s Firmware
Netapp h300s
Netapp active Iq Unified Manager
Netapp h500s Firmware
Netapp h700s
Netapp h410s
Netapp h500s
Netapp h300s Firmware
Netapp h410s Firmware

21 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7409 -

10 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231110-0003/ -

13 Oct 2023, 01:18

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
First Time Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Ibm Z Systems S390x
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For Ibm Z Systems Eus S390x
References (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - (MISC) https://access.redhat.com/errata/RHSA-2023:5453 - Third Party Advisory
References (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 - Mailing List, Third Party Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - (MISC) https://access.redhat.com/errata/RHSA-2023:5455 - Third Party Advisory

05 Oct 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5453 -
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5455 -

04 Oct 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) http://www.openwall.com/lists/oss-security/2023/10/03/8 -

20 Sep 2023, 19:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 5.9

18 Sep 2023, 14:07

Type Values Removed Values Added
First Time Gnu glibc
Redhat
Gnu
Fedoraproject
Fedoraproject fedora
Redhat enterprise Linux
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CWE CWE-416
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4813 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4813 - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237798 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2237798 - Issue Tracking, Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

12 Sep 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-12 22:15

Updated : 2024-09-16 14:15

NVD link : CVE-2023-4813

Mitre link : CVE-2023-4813

CVE.ORG link : CVE-2023-4813

JSON object : View

Products Affected

redhat

  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux
  • enterprise_linux_server_tus
  • enterprise_linux_for_ibm_z_systems_s390x
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_server_aus
  • enterprise_linux_for_ibm_z_systems_eus_s390x
  • enterprise_linux_eus

netapp

  • h500s
  • h410c
  • h500s_firmware
  • h410c_firmware
  • h300s_firmware
  • active_iq_unified_manager
  • h700s_firmware
  • h700s
  • h410s_firmware
  • h410s
  • h300s

gnu

  • glibc

fedoraproject

  • fedora
CWE
CWE-416

Use After Free