What is the severity of REDHAT-BUG-2237782?

The severity of REDHAT-BUG-2237782 is classified as high due to the potential for application crashes.

How can REDHAT-BUG-2237782 be fixed?

To fix REDHAT-BUG-2237782, ensure that the NSS module implements both the _nss_*_gethostbyname2_r and _nss_*_gethostbyname3_r hooks appropriately.

What impact does REDHAT-BUG-2237782 have on applications?

REDHAT-BUG-2237782 can lead to application crashes under specific conditions when using the getaddrinfo function.

Which software is affected by REDHAT-BUG-2237782?

REDHAT-BUG-2237782 affects the GNU C Library (glibc) when certain NSS module implementations are used.

Is REDHAT-BUG-2237782 considered an exploit?

While REDHAT-BUG-2237782 may not be easily exploitable, it poses a significant risk of instability in affected applications.

Vulnerability/
REDHAT-BUG-2237782

medium

6/9/2023

3/1/2025

REDHAT-BUG-2237782

First published: Wed Sep 06 2023(Updated: )

In an extremely rare situation, the getaddrinfo function in glibc may access memory that has already been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r hook without implementing the _nss_*_gethostbyname3_r hook. There are no known modules that are implemented in this way. In addition to that condition, the resolved name should return a large number of IPv6 as well as IPv4 and the call to the getaddrinfo function should have AF_INET6 with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. Reference: <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=30843">https://sourceware.org/bugzilla/show_bug.cgi?id=30843</a>

Affected Software	Affected Version	How to fix
GNU C Library (glibc)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2237782?
The severity of REDHAT-BUG-2237782 is classified as high due to the potential for application crashes.
How can REDHAT-BUG-2237782 be fixed?
To fix REDHAT-BUG-2237782, ensure that the NSS module implements both the _nss_*_gethostbyname2_r and _nss_*_gethostbyname3_r hooks appropriately.
What impact does REDHAT-BUG-2237782 have on applications?
REDHAT-BUG-2237782 can lead to application crashes under specific conditions when using the getaddrinfo function.
Which software is affected by REDHAT-BUG-2237782?
REDHAT-BUG-2237782 affects the GNU C Library (glibc) when certain NSS module implementations are used.
Is REDHAT-BUG-2237782 considered an exploit?
While REDHAT-BUG-2237782 may not be easily exploitable, it poses a significant risk of instability in affected applications.

agent/type
agent/first-publish-date
agent/severity
agent/references
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-4806
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnu c library (glibc)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.