CVE-2023-4527

Updated: 2024-05-15 00:35:47.182272

Description:

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU glibc 2.34 6.5 MEDIUM Ignored 2023-11-08 04:08:01
CentOS 6 ELS glibc 2.12 6.5 MEDIUM Not Vulnerable 2023-10-13 05:08:30
CentOS 7 ELS glibc 2.17 6.5 MEDIUM Not Vulnerable 2023-10-13 05:08:29
CentOS 8.4 ELS glibc 2.28 6.5 MEDIUM Not Vulnerable 2024-05-22 17:29:45
CentOS 8.5 ELS glibc 2.28 6.5 MEDIUM Not Vulnerable 2024-05-22 17:29:45
CloudLinux 6 ELS glibc 2.12 6.5 MEDIUM Not Vulnerable 2023-10-13 05:08:29
Oracle Linux 6 ELS glibc 2.12 6.5 MEDIUM Not Vulnerable 2023-10-13 05:08:29
Ubuntu 16.04 ELS glibc 2.23-0 6.5 MEDIUM Not Vulnerable 2023-10-13 05:08:29
Ubuntu 18.04 ELS glibc 2.27-3 6.5 MEDIUM Not Vulnerable 2023-10-13 05:08:30