Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-0915

Опубликовано: 15 янв. 2026
Источник: debian
EPSS Низкий

Описание

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glibcfixed2.42-8package
glibcfixed2.41-12+deb13u2trixiepackage
glibcno-dsabookwormpackage
glibcpostponedbullseyepackage

Примечания

  • https://sourceware.org/bugzilla/show_bug.cgi?id=33802

  • https://www.openwall.com/lists/oss-security/2026/01/16/6

  • Introduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=5f0e6fc702296840d2daa39f83f6cb1e40073d58 (glibc-1.93)

  • Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=e56ff82d5034ec66c6a78f517af6faa427f65b0b (glibc-2.43)

EPSS

Процентиль: 5%
0.00021
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-0915

CVSS3: 7.5
ubuntu
2 месяца назад

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

redhat логотип

CVE-2026-0915

CVSS3: 5.3
redhat
2 месяца назад

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

nvd логотип

CVE-2026-0915

CVSS3: 7.5
nvd
2 месяца назад

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

msrc логотип

CVE-2026-0915

CVSS3: 2.9
msrc
2 месяца назад

getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

github логотип

GHSA-xp56-6525-9chf

CVSS3: 7.5
github
2 месяца назад

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

EPSS

Процентиль: 5%
0.00021
Низкий