6.5

CVE-2023-4527

Exploit

Glibc: stack read overflow in getaddrinfo in no-aaaa mode

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version >= 2.36 < 2.36.113
GnuGlibc Version >= 2.37 < 2.37.38
GnuGlibc Version >= 2.38 < 2.38.19
RedhatCodeready Linux Builder For Arm64 Version9.0_aarch64
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.2_aarch64
RedhatEnterprise Linux Tus Version8.8
FedoraprojectFedora Version37
FedoraprojectFedora Version38
FedoraprojectFedora Version39
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.51% 0.711
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.2 4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
secalert@redhat.com 6.5 2.2 4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202310-03
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5453
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4527
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2234712
Third Party Advisory
Exploit
Issue Tracking
http://www.openwall.com/lists/oss-security/2023/09/25/1
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20231116-0012/
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-831302.html