CVE-2023-4806

Publication date 18 September 2023

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Read the notes from the security team

Why is this CVE low priority?

No known NSS modules expose the vulnerability

Learn more about Ubuntu priority

Status

Package Ubuntu Release Status
eglibc 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Ignored end of ESM support, was needs-triage
glibc 24.10 oracular
Fixed 2.38-1ubuntu5
24.04 LTS noble
Fixed 2.38-1ubuntu5
23.10 mantic
Fixed 2.38-1ubuntu5
23.04 lunar
Fixed 2.37-0ubuntu2.2
22.04 LTS jammy
Fixed 2.35-0ubuntu3.5
20.04 LTS focal
Fixed 2.31-0ubuntu9.14
18.04 LTS bionic
16.04 LTS xenial
14.04 LTS trusty Ignored end of standard support

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes


mdeslaur

This is only an issue when using an NSS module with a very specific behaviour. There are no known NSS modules which are implemented this way. The fix for this issue introduced a leak, identified as CVE-2023-5156 which was later fixed with a subsequent commit. Older releases require backporting a dozen refactoring commits.


ccdm94

One of the refactoring commits needed to fix this issue is also the fix for CVE-2023-4813.

Severity score breakdown

Parameter Value
Base score 5.9 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-6541-1
    • GNU C Library vulnerabilities
    • 7 December 2023

Other references