Headline
CVE-2023-4527: Invalid Bug ID
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
‘2234712?cve=title’ is not a valid bug number nor an alias to a bug.
Please press Back and try again.
Related news
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.
Red Hat Security Advisory 2023-5455-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer overflow, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5453-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer overflow, privilege escalation, and use-after-free vulnerabilities.
Gentoo Linux Security Advisory 202310-3 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.37-r7 are affected.
Ubuntu Security Notice 6409-1 - It was discovered that the GNU C Library incorrectly handled the GLIBC_TUNABLES environment variable. An attacker could possibly use this issue to perform a privilege escalation attack. It was discovered that the GNU C Library incorrectly handled certain DNS responses when the system was configured in no-aaaa mode. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04.
Debian Linux Security Advisory 5514-1 - The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation.