CVE-2023-4527

Exploit

EPSS 0.11%
Published 18.09.2023 17:15:55
Last modified 24.06.2025 17:31:20
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Affected products Warnungen 0 Metrics 3 CWE 2 References 13

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version >= 2.36 < 2.36.113

Gnu ≫ Glibc Version >= 2.37 < 2.37.38

Gnu ≫ Glibc Version >= 2.38 < 2.38.19

Redhat ≫ Codeready Linux Builder Eus Version9.2

Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Version9.0_ppc64le

Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Codeready Linux Builder For Arm64 Version9.0_aarch64

Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.2_aarch64

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Version9.0_s390x

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.2_s390x

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux For Arm 64 Version9.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.2_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus S390x Version9.2

Redhat ≫ Enterprise Linux For Ibm Z Systems S390x Version9.2

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version9.2_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.2_ppc64le

Redhat ≫ Enterprise Linux Tus Version8.8

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.292

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
secalert@redhat.com	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202310-03

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:5453

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:5455

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2023-4527

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2234712

Third Party Advisory