CVE-2023-4806

Published: 18 September 2023

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4 addresses, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
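To check whether any NSS module configured for host lookups fits the hook pattern described above, the following added example (not part of the original advisory or of glibc) parses the hosts line of nsswitch.conf and the output of `nm -D --defined-only` for each module. The module names examplemod and othermod, the symbol addresses and the sample configuration are constructed for illustration.

```python
import re

# Hook suffixes taken from the advisory text above.
REQUIRED = ("gethostbyname2_r", "getcanonname_r")
ABSENT = "gethostbyname3_r"

def hosts_services(nsswitch_text):
    """Return service names from the 'hosts:' line, dropping [STATUS=action] items."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def exported_symbols(nm_output):
    """Parse `nm -D --defined-only` output into a set of bare symbol names."""
    names = set()
    for line in nm_output.splitlines():
        fields = line.split()
        if fields:
            names.add(fields[-1].split("@", 1)[0])  # strip any @@VERSION suffix
    return names

def matches_hook_pattern(service, symbols):
    """True when the module has the two named hooks but no gethostbyname3_r."""
    prefix = f"_nss_{service}_"
    hooks = {s[len(prefix):] for s in symbols if s.startswith(prefix)}
    return all(h in hooks for h in REQUIRED) and ABSENT not in hooks

def audit(nsswitch_text, nm_by_service):
    """List configured hosts services whose symbol dump fits the pattern."""
    return [svc for svc in hosts_services(nsswitch_text)
            if svc in nm_by_service
            and matches_hook_pattern(svc, exported_symbols(nm_by_service[svc]))]

# Constructed sample input: 'examplemod' and 'othermod' are hypothetical modules.
SAMPLE_NSSWITCH = "passwd: files\nhosts: files othermod [NOTFOUND=return] examplemod  # constructed\n"
SAMPLE_NM = {
    "examplemod": "0000000000001200 T _nss_examplemod_gethostbyname2_r\n"
                  "0000000000001400 T _nss_examplemod_getcanonname_r\n",
    "othermod": "0000000000001200 T _nss_othermod_gethostbyname2_r@@EXAMPLE_1.0\n"
                "0000000000001300 T _nss_othermod_gethostbyname3_r@@EXAMPLE_1.0\n"
                "0000000000001400 T _nss_othermod_getcanonname_r@@EXAMPLE_1.0\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE_NSSWITCH, SAMPLE_NM))
```

On a real system the symbol dumps would come from the libnss_<service>.so.2 files of the services on the hosts line. A match covers only the module condition; the address-count and getaddrinfo flag conditions in the description still apply.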

Notes

Priority reason: No known NSS modules expose the vulnerability

Author: mdeslaur
This is only an issue when using an NSS module with a very specific behaviour. There are no known NSS modules which are implemented this way.

The fix for this issue introduced a leak, identified as CVE-2023-5156 which was later fixed with a subsequent commit.

Older releases require backporting a dozen refactoring commits.

Author: ccdm94
One of the refactoring commits needed to fix this issue is also the fix for CVE-2023-4813.

Priority

Low

CVSS 3 Severity Score

5.9

Status

Package: glibc

Release   Status
trusty    Ignored (end of standard support)
xenial    Released (2.23-0ubuntu11.3+esm5), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
bionic    Released (2.27-3ubuntu1.6+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream  Needs triage
mantic    Released (2.38-1ubuntu5)
focal     Released (2.31-0ubuntu9.14)
jammy     Released (2.35-0ubuntu3.5)
lunar     Released (2.37-0ubuntu2.2)

Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994 (2.39)
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38)
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37)
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9728f798ec7f05454c95637ee6581afaa9b487d (2.36)
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35)
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e09ee267c03e3150c2c9ba28625ab130705a485e (2.34)

Package: eglibc

Release   Status
trusty    Needs triage
xenial    Does not exist
bionic    Does not exist
focal     Does not exist
jammy     Does not exist
lunar     Does not exist
upstream  Needs triage
mantic    Does not exist

Severity score breakdown

Parameter             Value
Base score            5.9
Attack vector         Network
Attack complexity     High
Privileges required   None
User interaction      None
Scope                 Unchanged
Confidentiality       None
Integrity impact      None
Availability impact   High
Vector                CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H