CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4806

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 76.7%

CVSS Severity

CVSS v3 Score 5.9

References

Products affected by CVE-2023-4806

Gnu » Glibc » Version: 2.33

cpe:2.3:a:gnu:glibc:2.33
Redhat » Codeready Linux Builder Eus » Version: 9.2

cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2
Redhat » Codeready Linux Builder Eus For Power Little Endian » Version: 9.0_ppc64le

cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le
Redhat » Codeready Linux Builder Eus For Power Little Endian Eus » Version: 9.2_ppc64le

cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le
Redhat » Codeready Linux Builder For Arm64 » Version: 9.0_aarch64

cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64
Redhat » Codeready Linux Builder For Arm64 Eus » Version: 9.2_aarch64

cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64
Redhat » Codeready Linux Builder For Ibm Z Systems » Version: 9.0_s390x

cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x
Redhat » Codeready Linux Builder For Ibm Z Systems Eus » Version: 9.2_s390x

cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x
Fedoraproject » Fedora » Version: 37

cpe:2.3:o:fedoraproject:fedora:37
Fedoraproject » Fedora » Version: 38

cpe:2.3:o:fedoraproject:fedora:38
Fedoraproject » Fedora » Version: 39

cpe:2.3:o:fedoraproject:fedora:39
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0
Redhat » Enterprise Linux » Version: 9.0

cpe:2.3:o:redhat:enterprise_linux:9.0
Redhat » Enterprise Linux Eus » Version: 8.8

cpe:2.3:o:redhat:enterprise_linux_eus:8.8
Redhat » Enterprise Linux Eus » Version: 9.2

cpe:2.3:o:redhat:enterprise_linux_eus:9.2
Redhat » Enterprise Linux For Arm 64 » Version: 9.0_aarch64

cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64
Redhat » Enterprise Linux For Arm 64 Eus » Version: 9.2_aarch64

cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64
Redhat » Enterprise Linux For Ibm Z Systems » Version: 8.0_s390x

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 8.8_s390x

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x
Redhat » Enterprise Linux For Ibm Z Systems Eus S390x » Version: 9.2

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2
Redhat » Enterprise Linux For Ibm Z Systems S390x » Version: 9.2

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2
Redhat » Enterprise Linux For Power Little Endian » Version: 8.0_ppc64le

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le
Redhat » Enterprise Linux For Power Little Endian » Version: 9.2_ppc64le

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 8.8_ppc64le

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 9.2_ppc64le

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le
Redhat » Enterprise Linux Server Aus » Version: 9.2

cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.2_ppc64le

cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le
Redhat » Enterprise Linux Tus » Version: 8.8

cpe:2.3:o:redhat:enterprise_linux_tus:8.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4806

Products

Pricing

Contact Us