high
7.5
CWE
401
EPSS
0.093%
Advisory Published
CVE Published
Updated

CVE-2023-5156: Glibc: dos due to memory leak in getaddrinfo.c

First published: Mon Sep 25 2023(Updated: )

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
GNU glibc<2.39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
GNU glibc>=2.34<2.39
redhat/glibc<2.39
2.39
ubuntu/glibc<2.35-0ubuntu3.5
2.35-0ubuntu3.5
ubuntu/glibc<2.37-0ubuntu2.2
2.37-0ubuntu2.2
ubuntu/glibc<2.38-1ubuntu5
2.38-1ubuntu5
ubuntu/glibc<2.38-1ubuntu5
2.38-1ubuntu5
debian/glibc
2.28-10+deb10u1
2.28-10+deb10u3
2.31-13+deb11u8
2.31-13+deb11u10
2.36-9+deb12u4
2.36-9+deb12u7
2.38-11

Remedy

http://www.openwall.com/lists/oss-security/2023/10/03/4

Remedy

http://www.openwall.com/lists/oss-security/2023/10/03/8

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=2240541

Remedy

https://sourceware.org/bugzilla/show_bug.cgi?id=30884

Remedy

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796

Remedy

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec6b95c3303c700eb89eebeda2d7264cc184a796

Remedy

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ee59ca371b99984232d7584fe2b1a758b4421d3

Remedy

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4473d1b87d04b25cdd0e0354814eeaa421328268

Remedy

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=856bac55f98dc840e7c27cfa82262b933385de90

Remedy

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17092c0311f954e6f3c010f73ce3a78c24ac279a

Remedy

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8006457ab7e1cd556b919f477348a96fe88f2e49

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2023-5156?

    CVE-2023-5156 is a vulnerability in the GNU C Library that can cause a memory leak and application crashes.

  • What is the severity of CVE-2023-5156?

    CVE-2023-5156 has a severity rating of high (7.5).

  • Which software is affected by CVE-2023-5156?

    The GNU C Library version up to 2.39, GNU glibc version up to 2.39, Redhat Enterprise Linux 8.0, and Redhat Enterprise Linux 9.0 are affected by CVE-2023-5156.

  • How can CVE-2023-5156 be exploited?

    CVE-2023-5156 can be exploited by an attacker to cause a memory leak, potentially leading to application crashes.

  • Are there any fixes available for CVE-2023-5156?

    Yes, a fix is available for CVE-2023-5156. Update to GNU C Library version 2.39 or newer.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203