CVE-2023-4806
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2023-4806 is a vulnerability affecting the getaddrinfo function in glibc. In a rare scenario, this function may access memory that has already been freed, potentially leading to an application crash. This issue arises when a Network Service Switching (NSS) module implements certain hooks without a specific one. Specifically, the module must not only implement _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks but also the _nss_*_gethostbyname3_r hook. Furthermore, the vulnerability is only exploitable when the resolved name returns a significant number of IPv6 and IPv4 addresses, and the call to getaddrinfo uses the AF_INET6 address family with AI_CANONNAME, AI_ALL, and AI_V4MAPPED flags.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Red Hat Enterprise Linux
- Fedora Operating System
- Redhat Enterprise Linux For Ibm Z Systems
Affected Vendors
- Red Hat
- Fedora Project
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions