CVE-2023-4527

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 18, 2023
Updated: Dec 28, 2023
CWE ID 125
CWE ID 121

Summary

CVE-2023-4527: A vulnerability was discovered in the getaddrinfo function of glibc. When the system is configured with no-aaaa mode in /etc/resolv.conf and receives a larger than expected DNS response via TCP using AF_UNSPEC address family, the function may disclose stack contents through the returned address data, potentially causing a crash.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Gnu Glibc
  • Red Hat Enterprise Linux
  • Fedora Operating System
  • Redhat Enterprise Linux For Ibm Z Systems

Affected Vendors

  • Red Hat
  • Fedora Project

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-4527 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions