CVE-2023-4527

Description

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Trends

Current EPSS score: 0.11%• Percentile: 29%

Techniques & Countermeasures

• CWE-121•Stack-based Buffer Overflow

  A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

• CWE-125•Out-of-bounds Read

  The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

• fedoraproject•fedora

  37 | 38 | 39

• gnu•glibc

  ≥ 2.36, < 2.36.113 | ≥ 2.37, < 2.37.38 | ≥ 2.38, < 2.38.19

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500s_firmware

  na

• netapp•h700s_firmware

  na

• redhat•codeready_linux_builder_eus

  9.2

• redhat•codeready_linux_builder_eus_for_power_little_endian

  9.0_ppc64le

• redhat•codeready_linux_builder_eus_for_power_little_endian_eus

  9.2_ppc64le

• redhat•codeready_linux_builder_for_arm64

  9.0_aarch64

• redhat•codeready_linux_builder_for_arm64_eus

  9.2_aarch64

• redhat•codeready_linux_builder_for_ibm_z_systems

  9.0_s390x

• redhat•codeready_linux_builder_for_ibm_z_systems_eus

  9.2_s390x

• redhat•enterprise_linux

  8.0 | 9.0

• redhat•enterprise_linux_eus

  8.8 | 9.2

• redhat•enterprise_linux_for_arm_64

  9.0_aarch64

• redhat•enterprise_linux_for_arm_64_eus

  9.2_aarch64

• redhat•enterprise_linux_for_ibm_z_systems

  8.0_s390x

• redhat•enterprise_linux_for_ibm_z_systems_eus

  8.8_s390x

• redhat•enterprise_linux_for_ibm_z_systems_eus_s390x

  9.2

• redhat•enterprise_linux_for_ibm_z_systems_s390x

  9.2

• redhat•enterprise_linux_for_power_little_endian

  8.0_ppc64le | 9.2_ppc64le

• redhat•enterprise_linux_for_power_little_endian_eus

  8.8_ppc64le | 9.2_ppc64le

• redhat•enterprise_linux_server_aus

  9.2

• redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

  9.2_ppc64le

• redhat•enterprise_linux_tus

  8.8

References (12)

• https://access.redhat.com/errata/RHSA-2023:5453
• https://access.redhat.com/errata/RHSA-2023:5455
• https://access.redhat.com/security/cve/CVE-2023-4527
• https://bugzilla.redhat.com/show_bug.cgi?id=2234712
• http://www.openwall.com/lists/oss-security/2023/09/25/1
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20231116-0012/
• https://cert-portal.siemens.com/productcert/html/ssa-831302.html
• https://cert-portal.siemens.com/productcert/html/ssa-082556.html