Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2023-4806

Disclosure Date: September 18, 2023 •

CVE-2023-4806 CVSS v3 Base Score: 5.9

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.9 Medium

Impact Score:

3.6

Exploitability Score:

2.2

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

Products

Weaknesses

CWE-416

References

Canonical

CVE-2023-4806 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4806)

Miscellaneous

https://access.redhat.com/security/cve/CVE-2023-4806

https://bugzilla.redhat.com/show_bug.cgi?id=2237782

http://www.openwall.com/lists/oss-security/2023/10/03/5

http://www.openwall.com/lists/oss-security/2023/10/03/4

http://www.openwall.com/lists/oss-security/2023/10/03/8

http://www.openwall.com/lists/oss-security/2023/10/03/6

https://security.gentoo.org/glsa/202310-03

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/

https://access.redhat.com/errata/RHSA-2023:5453

https://access.redhat.com/errata/RHSA-2023:5455

https://access.redhat.com/errata/RHSA-2023:7409

https://security.netapp.com/advisory/ntap-20240125-0008/

Rapid7

Technical Analysis