CVE-2023-4527
Summary
| CVE | CVE-2023-4527 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-18 17:15:00 UTC |
| Updated | 2023-11-16 16:15:00 UTC |
| Description | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Operating System | Fedoraproject | Fedora | 39 | All | All | All |
| Application | Gnu | Glibc | All | All | All | All |
| Application | Redhat | Codeready Linux Builder Eus | 9.2 | All | All | All |
| Application | Redhat | Codeready Linux Builder Eus For Power Little Endian | 9.0_ppc64le | All | All | All |
| Application | Redhat | Codeready Linux Builder Eus For Power Little Endian Eus | 9.2_ppc64le | All | All | All |
| Application | Redhat | Codeready Linux Builder For Arm64 | 9.0_aarch64 | All | All | All |
| Application | Redhat | Codeready Linux Builder For Arm64 Eus | 9.2_aarch64 | All | All | All |
| Application | Redhat | Codeready Linux Builder For Ibm Z Systems | 9.0_s390x | All | All | All |
| Application | Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 9.2_s390x | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 9.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 8.8 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 9.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Arm 64 | 9.0_aarch64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Arm 64 Eus | 9.2_aarch64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 8.0_s390x | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.8_s390x | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus S390x | 9.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems S390x | 9.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 8.0_ppc64le | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 9.2_ppc64le | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 8.8_ppc64le | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 9.2_ppc64le | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 9.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 9.2_ppc64le | All | All | All |
| Operating System | Redhat | Enterprise Linux Tus | 8.8 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cve-details | MISC | access.redhat.com | |
| [SECURITY] Fedora 39 Update: glibc-2.38-6.fc39 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| oss-security - CVE-2023-4527: glibc: Stack read overflow in getaddrinfo in no-aaaa mode | MISC | www.openwall.com | |
| 2234712 – (CVE-2023-4527) CVE-2023-4527 glibc: Stack read overflow in getaddrinfo in no-aaaa mode | MISC | bugzilla.redhat.com | |
| Red Hat | MISC | access.redhat.com | |
| glibc: Multiple vulnerabilities (GLSA 202310-03) — Gentoo security | MISC | security.gentoo.org | |
| Red Hat | MISC | access.redhat.com | |
| [SECURITY] Fedora 37 Update: glibc-2.36-14.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: glibc-2.37-10.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| security.netapp.com/advisory/ntap-20231116-0012 | security.netapp.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160965 Oracle Enterprise Linux Security Update for glibc (ELSA-2023-5455)
- 160968 Oracle Enterprise Linux Security Update for glibc (ELSA-2023-5453)
- 160973 Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12872)
- 160974 Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12873)
- 199798 Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-6409-1)
- 242111 Red Hat Update for glibc (RHSA-2023:5453)
- 242118 Red Hat Update for glibc (RHSA-2023:5455)
- 284570 Fedora Security Update for glibc (FEDORA-2023-2b8c11ee75)
- 284571 Fedora Security Update for glibc (FEDORA-2023-028062484e)
- 285226 Fedora Security Update for glibc (FEDORA-2023-63e5a77522)
- 356310 Amazon Linux Security Advisory for glibc : ALAS2023-2023-359
- 378929 Alibaba Cloud Linux Security Update for glibc (ALINUX3-SA-2023:0124)
- 6000014 Debian Security Update for glibc (DSA 5514-1)
- 6140299 AWS Bottlerocket Security Update for glibc (GHSA-j8jx-vx9f-w72c)
- 710764 Gentoo Linux glibc Multiple Vulnerabilities (GLSA 202310-03)
- 941278 AlmaLinux Security Update for glibc (ALSA-2023:5455)
- 941283 AlmaLinux Security Update for glibc (ALSA-2023:5453)
- 961035 Rocky Linux Security Update for glibc (RLSA-2023:5455)