Description
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
Report
This issue is only exploitable when the condition detailed in the description is present in the system. However, all glibc versions shipped in Red Hat Enterprise Linux are vulnerable to this issue.
Mitigation
Removing the "SUCCESS=continue" or "SUCCESS=merge" configuration from the hosts database in /etc/nsswitch.conf will mitigate this vulnerability. Note that these options are not supported by the hosts database; if they were working before, it was because of this bug.
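One way to audit a host for the condition the mitigation removes, as an added example that is not Red Hat's or glibc's own code: the hypothetical helper `check_hosts_actions` scans the `hosts` line of an nsswitch.conf file and reports any action that maps SUCCESS to `continue` or `merge`. It goes slightly beyond the literal strings in the advisory by also catching the negated form (`[!STATUS=continue]`), which under nsswitch.conf syntax applies the action to every status except the named one.

```shell
#!/bin/sh
# check_hosts_actions FILE  (hypothetical helper, not part of glibc)
# Prints every action on the hosts line that maps SUCCESS to continue or
# merge. Returns 1 if any is found, 0 otherwise.
check_hosts_actions() {
    awk '
    {
        sub(/#.*/, "")                       # strip comments
        line = tolower($0)                   # keywords are case-insensitive
        if (line !~ /^[ \t]*hosts[ \t]*:/) next
        sub(/^[ \t]*hosts[ \t]*:/, "", line)
        while (match(line, /\[[^]]*\]/)) {   # each [ ... ] action group
            group = substr(line, RSTART + 1, RLENGTH - 2)
            line = substr(line, RSTART + RLENGTH)
            gsub(/[ \t]*=[ \t]*/, "=", group)
            gsub(/![ \t]+/, "!", group)
            n = split(group, item, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (item[i] == "") continue
                split(item[i], kv, "=")
                neg = (kv[1] ~ /^!/)
                status = kv[1]; sub(/^!/, "", status)
                if (kv[2] != "continue" && kv[2] != "merge") continue
                # !STATUS=ACTION applies ACTION to every status except STATUS
                if ((!neg && status == "success") || (neg && status != "success")) {
                    print "hosts: [" item[i] "] sets SUCCESS=" kv[2]
                    bad = 1
                }
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample file, not taken from a real host.
sample=$(mktemp)
printf '%s\n' 'passwd: files sss' \
    'hosts: files [SUCCESS=merge] dns   # constructed line' > "$sample"
check_hosts_actions "$sample" || echo "remove the action(s) listed above"
rm -f "$sample"
```

On a real system, pass `/etc/nsswitch.conf` as the argument; a non-zero exit status means the hosts line still carries one of the affected actions.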
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | compat-glibc | Out of support scope | | |
Red Hat Enterprise Linux 6 | glibc | Out of support scope | | |
Red Hat Enterprise Linux 7 | compat-glibc | Will not fix | | |
Red Hat Enterprise Linux 7 | glibc | Will not fix | | |
Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2023:5455 | 05.10.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | glibc | Fixed | RHSA-2023:7409 | 21.11.2023 |
Red Hat Enterprise Linux 9 | glibc | Fixed | RHBA-2024:2413 | 30.04.2024 |
Red Hat Enterprise Linux 9 | glibc | Fixed | RHSA-2023:5453 | 05.10.2023 |
Additional information
CVSS3: 5.9 Medium