{"api_version":"1","generated_at":"2026-04-22T22:49:51+00:00","cve":"CVE-2023-4806","urls":{"html":"https://cve.report/CVE-2023-4806","api":"https://cve.report/api/cve/CVE-2023-4806.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4806","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4806"},"summary":{"title":"CVE-2023-4806","description":"A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-09-18 17:15:00","updated_at":"2024-01-25 14:15:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/4","name":"http://www.openwall.com/lists/oss-security/2023/10/03/4","refsource":"MISC","tags":[],"title":"oss-security - CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:7409","name":"RHSA-2023:7409","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/8","name":"http://www.openwall.com/lists/oss-security/2023/10/03/8","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4806, CVE-2023-5156: glibc: potential\n use-after-free in getaddrinfo()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:5455","name":"https://access.redhat.com/errata/RHSA-2023:5455","refsource":"MISC","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-4806","name":"https://access.redhat.com/security/cve/CVE-2023-4806","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/5","name":"http://www.openwall.com/lists/oss-security/2023/10/03/5","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4806, CVE-2023-5156: glibc: potential\n use-after-free in getaddrinfo()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202310-03","name":"https://security.gentoo.org/glsa/202310-03","refsource":"MISC","tags":[],"title":"glibc: Multiple vulnerabilities (GLSA 202310-03) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:5453","name":"https://access.redhat.com/errata/RHSA-2023:5453","refsource":"MISC","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: glibc-2.36-14.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/6","name":"http://www.openwall.com/lists/oss-security/2023/10/03/6","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4806, CVE-2023-5156: glibc: potential\n use-after-free in getaddrinfo()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2237782","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2237782","refsource":"MISC","tags":[],"title":"2237782 – (CVE-2023-4806) CVE-2023-4806 glibc: potential use-after-free in getaddrinfo()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20240125-0008/","name":"https://security.netapp.com/advisory/ntap-20240125-0008/","refsource":"","tags":[],"title":"CVE-2023-4806 GNU C Library (glibc) Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4806","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4806","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"39","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"2.33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"codeready_linux_builder_eus","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"codeready_linux_builder_eus_for_power_little_endian","cpe6":"9.0_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"codeready_linux_builder_eus_for_power_little_endian_eus","cpe6":"9.2_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"codeready_linux_builder_for_arm64","cpe6":"9.0_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"codeready_linux_builder_for_arm64_eus","cpe6":"9.2_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"codeready_linux_builder_for_ibm_z_systems","cpe6":"9.0_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"codeready_linux_builder_for_ibm_z_systems_eus","cpe6":"9.2_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64","cpe6":"9.0_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_arm_64_eus","cpe6":"9.2_aarch64","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems","cpe6":"8.0_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"8.8_s390x","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus_s390x","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_s390x","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"8.0_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"9.2_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"8.8_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"9.2_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions","cpe6":"9.2_ppc64le","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4806","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_tus","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-4806","qid":"160965","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-5455)"},{"cve":"CVE-2023-4806","qid":"160968","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-5453)"},{"cve":"CVE-2023-4806","qid":"160973","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12872)"},{"cve":"CVE-2023-4806","qid":"160974","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12873)"},{"cve":"CVE-2023-4806","qid":"199987","title":"Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-6541-1)"},{"cve":"CVE-2023-4806","qid":"242111","title":"Red Hat Update for glibc (RHSA-2023:5453)"},{"cve":"CVE-2023-4806","qid":"242118","title":"Red Hat Update for glibc (RHSA-2023:5455)"},{"cve":"CVE-2023-4806","qid":"242490","title":"Red Hat Update for glibc (RHSA-2023:7409)"},{"cve":"CVE-2023-4806","qid":"284570","title":"Fedora Security Update for glibc (FEDORA-2023-2b8c11ee75)"},{"cve":"CVE-2023-4806","qid":"284571","title":"Fedora Security Update for glibc (FEDORA-2023-028062484e)"},{"cve":"CVE-2023-4806","qid":"285226","title":"Fedora Security Update for glibc (FEDORA-2023-63e5a77522)"},{"cve":"CVE-2023-4806","qid":"356310","title":"Amazon Linux Security Advisory for glibc : ALAS2023-2023-359"},{"cve":"CVE-2023-4806","qid":"378929","title":"Alibaba Cloud Linux Security Update for glibc (ALINUX3-SA-2023:0124)"},{"cve":"CVE-2023-4806","qid":"6000014","title":"Debian Security Update for glibc (DSA 5514-1)"},{"cve":"CVE-2023-4806","qid":"6140090","title":"AWS Bottlerocket Security Update for glibc (GHSA-m6r6-qxq3-mcgr)"},{"cve":"CVE-2023-4806","qid":"673448","title":"EulerOS Security Update for glibc (EulerOS-SA-2024-1268)"},{"cve":"CVE-2023-4806","qid":"673505","title":"EulerOS Security Update for glibc (EulerOS-SA-2023-3269)"},{"cve":"CVE-2023-4806","qid":"673617","title":"EulerOS Security Update for glibc (EulerOS-SA-2023-3241)"},{"cve":"CVE-2023-4806","qid":"673645","title":"EulerOS Security Update for glibc (EulerOS-SA-2023-3330)"},{"cve":"CVE-2023-4806","qid":"673703","title":"EulerOS Security Update for glibc (EulerOS-SA-2023-3298)"},{"cve":"CVE-2023-4806","qid":"673859","title":"EulerOS Security Update for glibc (EulerOS-SA-2024-1057)"},{"cve":"CVE-2023-4806","qid":"674073","title":"EulerOS Security Update for glibc (EulerOS-SA-2024-1081)"},{"cve":"CVE-2023-4806","qid":"710764","title":"Gentoo Linux glibc Multiple Vulnerabilities (GLSA 202310-03)"},{"cve":"CVE-2023-4806","qid":"907528","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (29954-1)"},{"cve":"CVE-2023-4806","qid":"941278","title":"AlmaLinux Security Update for glibc (ALSA-2023:5455)"},{"cve":"CVE-2023-4806","qid":"941283","title":"AlmaLinux Security Update for glibc (ALSA-2023:5453)"},{"cve":"CVE-2023-4806","qid":"961035","title":"Rocky Linux Security Update for glibc (RLSA-2023:5455)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4806","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Use After Free","cweId":"CWE-416"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"glibc","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.28-225.el8_8.6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.28-225.el8_8.6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.34-60.el9_2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.34-60.el9_2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/4","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/03/4"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/5","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/03/5"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/6","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/03/6"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/8","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/03/8"},{"url":"https://access.redhat.com/errata/RHSA-2023:5453","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:5453"},{"url":"https://access.redhat.com/errata/RHSA-2023:5455","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:5455"},{"url":"https://access.redhat.com/security/cve/CVE-2023-4806","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-4806"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2237782","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2237782"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/"},{"url":"https://security.gentoo.org/glsa/202310-03","refsource":"MISC","name":"https://security.gentoo.org/glsa/202310-03"}]},"credits":[{"lang":"en","value":"This issue was discovered by Siddhesh Poyarekar (Red Hat)."}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-09-18 17:15:00","lastModifiedDate":"2024-01-25 14:15:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}