CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.5%

CVSS Severity

CVSS v3 Score 5.4

References

https://sourceware.org/bugzilla/show_bug.cgi?id=34015

Products affected by CVE-2026-4438

Gnu » Glibc » Version: 2.34

cpe:2.3:a:gnu:glibc:2.34
Gnu » Glibc » Version: 2.34.9000

cpe:2.3:a:gnu:glibc:2.34.9000
Gnu » Glibc » Version: 2.35

cpe:2.3:a:gnu:glibc:2.35
Gnu » Glibc » Version: 2.35.9000

cpe:2.3:a:gnu:glibc:2.35.9000
Gnu » Glibc » Version: 2.36

cpe:2.3:a:gnu:glibc:2.36
Gnu » Glibc » Version: 2.36.113

cpe:2.3:a:gnu:glibc:2.36.113
Gnu » Glibc » Version: 2.36.9000

cpe:2.3:a:gnu:glibc:2.36.9000
Gnu » Glibc » Version: 2.37

cpe:2.3:a:gnu:glibc:2.37
Gnu » Glibc » Version: 2.37.38

cpe:2.3:a:gnu:glibc:2.37.38
Gnu » Glibc » Version: 2.37.9000

cpe:2.3:a:gnu:glibc:2.37.9000
Gnu » Glibc » Version: 2.38

cpe:2.3:a:gnu:glibc:2.38
Gnu » Glibc » Version: 2.38.19

cpe:2.3:a:gnu:glibc:2.38.19
Gnu » Glibc » Version: 2.38.9000

cpe:2.3:a:gnu:glibc:2.38.9000
Gnu » Glibc » Version: 2.39

cpe:2.3:a:gnu:glibc:2.39
Gnu » Glibc » Version: 2.39.9000

cpe:2.3:a:gnu:glibc:2.39.9000
Gnu » Glibc » Version: 2.40

cpe:2.3:a:gnu:glibc:2.40
Gnu » Glibc » Version: 2.40.9000

cpe:2.3:a:gnu:glibc:2.40.9000
Gnu » Glibc » Version: 2.41

cpe:2.3:a:gnu:glibc:2.41
Gnu » Glibc » Version: 2.41.9000

cpe:2.3:a:gnu:glibc:2.41.9000

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4438

Products

Pricing

Contact Us