CVE-2023-4806: Glibc: potential use-after-free in getaddrinfo()
First published: Wed Sep 06 2023(Updated: )
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/glibc | <0:2.28-225.el8_8.6 | 0:2.28-225.el8_8.6 |
| redhat/glibc | <0:2.34-60.el9_2.7 | 0:2.34-60.el9_2.7 |
| GNU glibc | =2.33 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Redhat Codeready Linux Builder Eus | =9.2 | |
| Redhat Codeready Linux Builder Eus For Power Little Endian | =9.0_ppc64le | |
| Redhat Codeready Linux Builder Eus For Power Little Endian Eus | =9.2_ppc64le | |
| Redhat Codeready Linux Builder For Arm64 | =9.0_aarch64 | |
| Redhat Codeready Linux Builder For Arm64 Eus | =9.2_aarch64 | |
| Redhat Codeready Linux Builder For Ibm Z Systems | =9.0_s390x | |
| Redhat Codeready Linux Builder For Ibm Z Systems Eus | =9.2_s390x | |
| Redhat Enterprise Linux Eus | =8.8 | |
| Redhat Enterprise Linux Eus | =9.2 | |
| Redhat Enterprise Linux For Arm 64 | =9.0_aarch64 | |
| Redhat Enterprise Linux For Arm 64 Eus | =9.2_aarch64 | |
| Redhat Enterprise Linux For Ibm Z Systems | =8.0_s390x | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =8.8_s390x | |
| Redhat Enterprise Linux For Ibm Z Systems Eus S390x | =9.2 | |
| Redhat Enterprise Linux For Ibm Z Systems S390x | =9.2 | |
| Redhat Enterprise Linux For Power Little Endian | =8.0_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian | =9.2_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.8_ppc64le | |
| Redhat Enterprise Linux For Power Little Endian Eus | =9.2_ppc64le | |
| Redhat Enterprise Linux Server Aus | =9.2 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =9.2_ppc64le | |
| Redhat Enterprise Linux Tus | =8.8 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 | |
| ubuntu/glibc | <2.27-3ubuntu1.6+ | 2.27-3ubuntu1.6+ |
| ubuntu/glibc | <2.31-0ubuntu9.14 | 2.31-0ubuntu9.14 |
| ubuntu/glibc | <2.35-0ubuntu3.5 | 2.35-0ubuntu3.5 |
| ubuntu/glibc | <2.37-0ubuntu2.2 | 2.37-0ubuntu2.2 |
| ubuntu/glibc | <2.38-1ubuntu5 | 2.38-1ubuntu5 |
| ubuntu/glibc | <2.38-1ubuntu5 | 2.38-1ubuntu5 |
| ubuntu/glibc | <2.23-0ubuntu11.3+ | 2.23-0ubuntu11.3+ |
| debian/glibc | <=2.31-13+deb11u10 | 2.36-9+deb12u7 2.39-6 |
| IBM QRadar Network Packet Capture | <=7.5.0 - 7.5.0 Update Package 7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806
- https://bugzilla.redhat.com/show_bug.cgi?id=2237782
- https://access.redhat.com/errata/RHSA-2023:5455
- https://access.redhat.com/errata/RHSA-2023:5453
- https://access.redhat.com/security/cve/CVE-2023-4806
- http://www.openwall.com/lists/oss-security/2023/10/03/4
- http://www.openwall.com/lists/oss-security/2023/10/03/5
- http://www.openwall.com/lists/oss-security/2023/10/03/6
- http://www.openwall.com/lists/oss-security/2023/10/03/8
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
- https://security.gentoo.org/glsa/202310-03
- https://access.redhat.com/errata/RHSA-2023:7409
- https://security.netapp.com/advisory/ntap-20240125-0008/
- https://launchpad.net/bugs/cve/CVE-2023-4806
- https://sourceware.org/bugzilla/show_bug.cgi?id=30843
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2238604
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2237782#c0
- https://ubuntu.com/security/notices/USN-6541-1
- https://ubuntu.com/security/notices/USN-6541-2
- https://www.cve.org/CVERecord?id=CVE-2023-4806
- https://nvd.nist.gov/vuln/detail/CVE-2023-4806
- https://security-tracker.debian.org/tracker/CVE-2023-4806
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=00ae4f10b504bc4564e9f22f00907093f1ab9338
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6529a7466c935f36e9006b854d6f4e1d4876f942
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9728f798ec7f05454c95637ee6581afaa9b487d
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3ccb230a961b4797510e6a1f5f21fd9021853e7
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e09ee267c03e3150c2c9ba28625ab130705a485e
- https://ubuntu.com/security/CVE-2023-4806
- https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0003
- https://exchange.xforce.ibmcloud.com/vulnerabilities/266465
- https://www.ibm.com/support/pages/node/7160961 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2023-4806?
CVE-2023-4806 is a vulnerability found in glibc that allows the getaddrinfo function to access freed memory, causing application crashes.
What is the severity of CVE-2023-4806?
CVE-2023-4806 has a severity level of high (7.5).
Which software versions are affected by CVE-2023-4806?
CVE-2023-4806 affects GNU glibc version 2.33, Redhat Enterprise Linux versions 7.0, 8.0, and 9.0.
How can CVE-2023-4806 be exploited?
CVE-2023-4806 can be exploited when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementation.
How can I fix CVE-2023-4806?
To fix CVE-2023-4806, it is recommended to upgrade to the patched version of GNU glibc or Redhat Enterprise Linux.
- collector/oss-sec
- alias/CVE-2023-4806
- alias/CVE-2023-5156
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/title
- agent/weakness
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/references
- agent/remedy
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/gnu
- canonical/gnu glibc
- version/gnu glibc/2.33
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- canonical/redhat codeready linux builder eus
- version/redhat codeready linux builder eus/9.2
- canonical/redhat codeready linux builder eus for power little endian
- version/redhat codeready linux builder eus for power little endian/9.0_ppc64le
- canonical/redhat codeready linux builder eus for power little endian eus
- version/redhat codeready linux builder eus for power little endian eus/9.2_ppc64le
- canonical/redhat codeready linux builder for arm64
- version/redhat codeready linux builder for arm64/9.0_aarch64
- canonical/redhat codeready linux builder for arm64 eus
- version/redhat codeready linux builder for arm64 eus/9.2_aarch64
- canonical/redhat codeready linux builder for ibm z systems
- version/redhat codeready linux builder for ibm z systems/9.0_s390x
- canonical/redhat codeready linux builder for ibm z systems eus
- version/redhat codeready linux builder for ibm z systems eus/9.2_s390x
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.8
- version/redhat enterprise linux eus/9.2
- canonical/redhat enterprise linux for arm 64
- version/redhat enterprise linux for arm 64/9.0_aarch64
- canonical/redhat enterprise linux for arm 64 eus
- version/redhat enterprise linux for arm 64 eus/9.2_aarch64
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/8.0_s390x
- canonical/redhat enterprise linux for ibm z systems eus
- version/redhat enterprise linux for ibm z systems eus/8.8_s390x
- canonical/redhat enterprise linux for ibm z systems eus s390x
- version/redhat enterprise linux for ibm z systems eus s390x/9.2
- canonical/redhat enterprise linux for ibm z systems s390x
- version/redhat enterprise linux for ibm z systems s390x/9.2
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/8.0_ppc64le
- version/redhat enterprise linux for power little endian/9.2_ppc64le
- canonical/redhat enterprise linux for power little endian eus
- version/redhat enterprise linux for power little endian eus/8.8_ppc64le
- version/redhat enterprise linux for power little endian eus/9.2_ppc64le
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/9.2
- canonical/redhat enterprise linux server for power little endian update services for sap solutions
- version/redhat enterprise linux server for power little endian update services for sap solutions/9.2_ppc64le
- canonical/redhat enterprise linux tus
- version/redhat enterprise linux tus/8.8
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39
- package-manager/ubuntu
- package-manager/debian
- vendor/ibm
- canonical/ibm qradar network packet capture
- version/ibm qradar network packet capture/7.5.0 - 7.5.0 update package 7