CVE-2023-4806: Glibc: potential use-after-free in getaddrinfo()
First published: Wed Sep 06 2023(Updated: )
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/glibc | <0:2.28-225.el8_8.6 | 0:2.28-225.el8_8.6 |
| redhat/glibc | <0:2.34-60.el9_2.7 | 0:2.34-60.el9_2.7 |
| ubuntu/glibc | <2.27-3ubuntu1.6+ | 2.27-3ubuntu1.6+ |
| ubuntu/glibc | <2.31-0ubuntu9.14 | 2.31-0ubuntu9.14 |
| ubuntu/glibc | <2.35-0ubuntu3.5 | 2.35-0ubuntu3.5 |
| ubuntu/glibc | <2.37-0ubuntu2.2 | 2.37-0ubuntu2.2 |
| ubuntu/glibc | <2.38-1ubuntu5 | 2.38-1ubuntu5 |
| ubuntu/glibc | <2.38-1ubuntu5 | 2.38-1ubuntu5 |
| ubuntu/glibc | <2.23-0ubuntu11.3+ | 2.23-0ubuntu11.3+ |
| debian/glibc | <=2.31-13+deb11u10 | 2.36-9+deb12u7 2.39-6 |
| GNU C Library | =2.33 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| GNU C Library (glibc) | =2.33 | |
| Red Hat CodeReady Linux Builder | =9.2 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =9.0_ppc64le | |
| Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support | =9.2_ppc64le | |
| Red Hat CodeReady Linux Builder for ARM 64 | =9.0_aarch64 | |
| Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =9.2_aarch64 | |
| Red Hat CodeReady Linux Builder for IBM z Systems | =9.0_s390x | |
| Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support | =9.2_s390x | |
| Red Hat Enterprise Linux Server EUS | =8.8 | |
| Red Hat Enterprise Linux Server EUS | =9.2 | |
| Red Hat Enterprise Linux | =9.0_aarch64 | |
| Red Hat Enterprise Linux for ARM64 EUS | =9.2_aarch64 | |
| Red Hat Enterprise Linux for IBM Z Systems | =8.0_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.8_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.2 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.2 | |
| Red Hat Enterprise Linux for Power, little endian | =8.0_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian | =9.2_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.8_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.2_ppc64le | |
| Red Hat Enterprise Linux Server | =9.2 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2_ppc64le | |
| Red Hat Enterprise Linux | =8.8 | |
| Red Hat Fedora | =37 | |
| Red Hat Fedora | =38 | |
| Red Hat Fedora | =39 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806
- https://bugzilla.redhat.com/show_bug.cgi?id=2237782
- https://access.redhat.com/errata/RHSA-2023:5455
- https://access.redhat.com/errata/RHSA-2023:5453
- https://access.redhat.com/security/cve/CVE-2023-4806
- http://www.openwall.com/lists/oss-security/2023/10/03/4
- http://www.openwall.com/lists/oss-security/2023/10/03/5
- http://www.openwall.com/lists/oss-security/2023/10/03/6
- http://www.openwall.com/lists/oss-security/2023/10/03/8
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
- https://security.gentoo.org/glsa/202310-03
- https://access.redhat.com/errata/RHSA-2023:7409
- https://security.netapp.com/advisory/ntap-20240125-0008/
- https://launchpad.net/bugs/cve/CVE-2023-4806
- https://ubuntu.com/security/notices/USN-6541-1
- https://ubuntu.com/security/notices/USN-6541-2
- https://www.cve.org/CVERecord?id=CVE-2023-4806
- https://nvd.nist.gov/vuln/detail/CVE-2023-4806
- https://security-tracker.debian.org/tracker/CVE-2023-4806
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=00ae4f10b504bc4564e9f22f00907093f1ab9338
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6529a7466c935f36e9006b854d6f4e1d4876f942
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9728f798ec7f05454c95637ee6581afaa9b487d
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3ccb230a961b4797510e6a1f5f21fd9021853e7
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e09ee267c03e3150c2c9ba28625ab130705a485e
- https://ubuntu.com/security/CVE-2023-4806
- https://sourceware.org/bugzilla/show_bug.cgi?id=30843
- https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0003
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2238604
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2237782#c0
- https://www.ibm.com/support/pages/node/7172423 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2023-4806?
CVE-2023-4806 is a vulnerability found in glibc that allows the getaddrinfo function to access freed memory, causing application crashes.
What is the severity of CVE-2023-4806?
CVE-2023-4806 has a severity level of high (7.5).
Which software versions are affected by CVE-2023-4806?
CVE-2023-4806 affects GNU glibc version 2.33, Redhat Enterprise Linux versions 7.0, 8.0, and 9.0.
How can CVE-2023-4806 be exploited?
CVE-2023-4806 can be exploited when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementation.
How can I fix CVE-2023-4806?
To fix CVE-2023-4806, it is recommended to upgrade to the patched version of GNU glibc or Redhat Enterprise Linux.
- collector/oss-sec
- alias/CVE-2023-4806
- alias/CVE-2023-5156
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/author
- agent/title
- agent/weakness
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- agent/source
- agent/references
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/tags
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- package-manager/redhat
- package-manager/ubuntu
- package-manager/debian
- vendor/gnu
- canonical/gnu c library
- version/gnu c library/2.33
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- canonical/gnu c library (glibc)
- version/gnu c library (glibc)/2.33
- canonical/red hat codeready linux builder
- version/red hat codeready linux builder/9.2
- canonical/red hat codeready linux builder for power, little endian
- version/red hat codeready linux builder for power, little endian/9.0_ppc64le
- canonical/red hat codeready linux builder for power, little endian - extended update support
- version/red hat codeready linux builder for power, little endian - extended update support/9.2_ppc64le
- canonical/red hat codeready linux builder for arm 64
- version/red hat codeready linux builder for arm 64/9.0_aarch64
- canonical/red hat codeready linux builder for arm 64 - extended update support
- version/red hat codeready linux builder for arm 64 - extended update support/9.2_aarch64
- canonical/red hat codeready linux builder for ibm z systems
- version/red hat codeready linux builder for ibm z systems/9.0_s390x
- canonical/red hat codeready linux builder for ibm z systems - extended update support
- version/red hat codeready linux builder for ibm z systems - extended update support/9.2_s390x
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.8
- version/red hat enterprise linux server eus/9.2
- version/red hat enterprise linux/9.0_aarch64
- canonical/red hat enterprise linux for arm64 eus
- version/red hat enterprise linux for arm64 eus/9.2_aarch64
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/8.0_s390x
- canonical/red hat enterprise linux for ibm z systems (s390x)
- version/red hat enterprise linux for ibm z systems (s390x)/8.8_s390x
- version/red hat enterprise linux for ibm z systems (s390x)/9.2
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/8.0_ppc64le
- version/red hat enterprise linux for power, little endian/9.2_ppc64le
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/8.8_ppc64le
- version/red hat enterprise linux for power, little endian - extended update support/9.2_ppc64le
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/9.2
- canonical/red hat enterprise linux for sap applications for power, little endian - extended update support
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.2_ppc64le
- version/red hat enterprise linux/8.8
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/37
- version/red hat fedora/38
- version/red hat fedora/39
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2