CVE-2023-4806
Publication date 18 September 2023
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
Read the notes from the security team
Why is this CVE low priority?
No known NSS modules expose the vulnerability
Status
Package | Ubuntu Release | Status |
---|---|---|
eglibc | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored end of ESM support, was needs-triage | |
glibc | 24.10 oracular |
Fixed 2.38-1ubuntu5
|
24.04 LTS noble |
Fixed 2.38-1ubuntu5
|
|
22.04 LTS jammy |
Fixed 2.35-0ubuntu3.5
|
|
20.04 LTS focal |
Fixed 2.31-0ubuntu9.14
|
|
18.04 LTS bionic |
Fixed 2.27-3ubuntu1.6+esm1
|
|
16.04 LTS xenial |
Fixed 2.23-0ubuntu11.3+esm5
|
|
14.04 LTS trusty | Ignored end of standard support |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
mdeslaur
This is only an issue when using an NSS module with a very specific behaviour. There are no known NSS modules which are implemented this way. The fix for this issue introduced a leak, identified as CVE-2023-5156 which was later fixed with a subsequent commit. Older releases require backporting a dozen refactoring commits.
ccdm94
One of the refactoring commits needed to fix this issue is also the fix for CVE-2023-4813.
Patch details
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 · Medium |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6541-1
- GNU C Library vulnerabilities
- 7 December 2023