Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-4527

Опубликовано: 18 сент. 2023
Источник: debian

Описание

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glibcfixed2.37-9package
glibcfixed2.36-9+deb12u3bookwormpackage
glibcnot-affectedbullseyepackage
glibcnot-affectedbusterpackage

Примечания

  • https://sourceware.org/bugzilla/show_bug.cgi?id=30842

  • Introduced by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f282cdbe7f436c75864e5640a409a10485e9abb2 (glibc-2.36)

  • Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f (release/2.36/master branch)

  • Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7529346025a130fee483d42178b5c118da971bb (release/2.37/master branch)

  • Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b25508dd774b617f99419bdc3cf2ace4560cd2d6 (release/2.38/master branch)

  • https://www.openwall.com/lists/oss-security/2023/09/25/1

  • https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0002

Связанные уязвимости

ubuntu логотип

CVE-2023-4527

CVSS3: 6.5
ubuntu
почти 2 года назад

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

redhat логотип

CVE-2023-4527

CVSS3: 6.5
redhat
почти 2 года назад

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

nvd логотип

CVE-2023-4527

CVSS3: 6.5
nvd
почти 2 года назад

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

github логотип

GHSA-hmf7-f8gf-8f4p

CVSS3: 6.5
github
почти 2 года назад

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

fstec логотип

BDU:2023-06332

CVSS3: 6.5
fstec
почти 2 года назад

Уязвимость функции getaddrinfo системной библиотеки glibc, позволяющая нарушителю вызвать отказ в обслуживании