First published: Tue Mar 01 2022
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/glibc | <0:2.28-225.el8_8.6 | 0:2.28-225.el8_8.6 |
redhat/glibc | <0:2.34-60.el9_2.7 | 0:2.34-60.el9_2.7 |
GNU glibc | <2.36 | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux | =9.0 | |
Red Hat Enterprise Linux EUS | =8.8 | |
Red Hat Enterprise Linux EUS | =9.2 | |
Red Hat Enterprise Linux for IBM Z Systems EUS s390x | =9.2 | |
Red Hat Enterprise Linux for IBM Z Systems s390x | =9.2 | |
Red Hat Enterprise Linux for Power Little Endian | =9.2_ppc64le | |
Red Hat Enterprise Linux for Power Little Endian EUS | =9.2_ppc64le | |
Red Hat Enterprise Linux Server AUS | =9.2 | |
Red Hat Enterprise Linux Server TUS | =8.8 | |
Fedoraproject Fedora | =38 | |
redhat/glibc | <2.36 | 2.36 |
ubuntu/glibc | <2.27-3ubuntu1.6+ | 2.27-3ubuntu1.6+ |
ubuntu/glibc | <2.31-0ubuntu9.14 | 2.31-0ubuntu9.14 |
ubuntu/glibc | <2.35-0ubuntu3.5 | 2.35-0ubuntu3.5 |
ubuntu/glibc | <2.36-3 | 2.36-3 |
ubuntu/glibc | <2.23-0ubuntu11.3+ | 2.23-0ubuntu11.3+ |
NetApp Active IQ Unified Manager VMware vSphere | | |
All of | | |
NetApp H300S Firmware | | |
NetApp H300S | | |
All of | | |
NetApp H500S Firmware | | |
NetApp H500S | | |
All of | | |
NetApp H700S Firmware | | |
NetApp H700S | | |
All of | | |
NetApp H410S Firmware | | |
NetApp H410S | | |
All of | | |
NetApp H410C Firmware | | |
NetApp H410C | | |
debian/glibc | <=2.31-13+deb11u10 | 2.36-9+deb12u7 2.39-6 |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 | |
Removing the "SUCCESS=continue" or "SUCCESS=merge" configuration from the hosts database in /etc/nsswitch.conf will mitigate this vulnerability. Note that these options are not supported by the hosts database; if they were working before, it was because of this bug.
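The following audit script is an added example, not part of the advisory or of glibc. It scans nsswitch.conf text for a `hosts` entry whose effective SUCCESS action is `continue` or `merge`. The function names `audit_hosts` and `success_action` and the sample file are constructed for illustration. The script goes beyond the literal strings in the mitigation by also resolving the `!STATUS=action` negation form described in nsswitch.conf(5), which can set the SUCCESS action implicitly.

```python
import re

RISKY = {"continue", "merge"}          # actions named in the mitigation text
PAIR = re.compile(r"(!?)\s*([A-Za-z]+)\s*=\s*([A-Za-z]+)")

def success_action(bracket):
    """Effective action for SUCCESS inside one [...] group (default: return)."""
    effective = "return"
    for negated, status, action in PAIR.findall(bracket):
        status, action = status.upper(), action.lower()   # names are case-insensitive
        # '!' applies the action to every status except the one named
        hits_success = (status != "SUCCESS") if negated else (status == "SUCCESS")
        if hits_success:
            effective = action          # a later pair overrides an earlier one
    return effective

def audit_hosts(conf_text):
    """Return [(line_number, action)] where hosts maps SUCCESS to continue/merge."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]     # drop comments
        m = re.match(r"\s*hosts\s*:(.*)", line)
        if not m:
            continue                    # other databases are out of scope here
        for bracket in re.findall(r"\[([^\]]*)\]", m.group(1)):
            action = success_action(bracket)
            if action in RISKY:
                findings.append((lineno, action))
    return findings

# Constructed sample, not taken from any real host.
SAMPLE = """\
passwd: files sss
# hosts: files [SUCCESS=merge] dns   (commented out, ignored)
hosts:  files [success=Continue] dns
group:  files [SUCCESS=merge] sss
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, action in audit_hosts(text):
        print(f"line {lineno}: hosts maps SUCCESS={action}; remove it")
```

Run it with `/etc/nsswitch.conf` as the only argument to audit a host; with no argument it checks the embedded sample.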
CVE-2023-4813 is a vulnerability found in glibc that can result in an application crash when the getaddrinfo function is called.
The severity of CVE-2023-4813 is medium with a CVSS score of 5.9.
Red Hat Enterprise Linux 8.0 is affected by CVE-2023-4813.
To fix CVE-2023-4813, update the glibc package to version 2.36 or apply the recommended fix provided by Red Hat.
You can find more information about CVE-2023-4813 on the CVE website and the NIST National Vulnerability Database.