CVE-2023-4527

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 18, 2023

Updated: Dec 28, 2023

CWE ID 125

CWE ID 121

Summary

CVE-2023-4527: A vulnerability was discovered in the getaddrinfo function of glibc. When the system is configured with no-aaaa mode in /etc/resolv.conf and receives a larger than expected DNS response via TCP using AF_UNSPEC address family, the function may disclose stack contents through the returned address data, potentially causing a crash.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gnu Glibc
Red Hat Enterprise Linux
Fedora Operating System
Redhat Enterprise Linux For Ibm Z Systems

Affected Vendors

Red Hat
Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/scoUPV
https://www.cve.org/CVERecord?id=CVE-2023-4527
https://nvd.nist.gov/vuln/detail/CVE-2023-4527

Back to Vulnerability Database