CVE-2023-4806

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Read the notes from the security team

Why is this CVE low priority?

No known NSS modules expose the vulnerability

Learn more about Ubuntu priority

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	24.04 LTS noble	Not in release
	23.10 mantic	Not in release
	23.04 lunar	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Needs evaluation
glibc	24.04 LTS noble	Fixed 2.38-1ubuntu5
	23.10 mantic	Fixed 2.38-1ubuntu5
	23.04 lunar	Fixed 2.37-0ubuntu2.2
	22.04 LTS jammy	Fixed 2.35-0ubuntu3.5
	20.04 LTS focal	Fixed 2.31-0ubuntu9.14
	18.04 LTS bionic	Fixed 2.27-3ubuntu1.6+esm1 Ubuntu Pro
	16.04 LTS xenial	Fixed 2.23-0ubuntu11.3+esm5 Ubuntu Pro
	14.04 LTS trusty	Ignored

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes

mdeslaur

This is only an issue when using an NSS module with a very specific behaviour. There are no known NSS modules which are implemented this way. The fix for this issue introduced a leak, identified as CVE-2023-5156 which was later fixed with a subsequent commit. Older releases require backporting a dozen refactoring commits.

ccdm94

One of the refactoring commits needed to fix this issue is also the fix for CVE-2023-4813.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glibc	Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=00ae4f10b504bc4564e9f22f00907093f1ab9338 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6529a7466c935f36e9006b854d6f4e1d4876f942 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9728f798ec7f05454c95637ee6581afaa9b487d Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3ccb230a961b4797510e6a1f5f21fd9021853e7 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e09ee267c03e3150c2c9ba28625ab130705a485e

Package

Patch details

glibc

Severity score breakdown

Parameter	Value
Base score	5.9 · Medium
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Cvss 3 Severity Score

Why is this CVE low priority?

Status

Get expanded security coverage with Ubuntu Pro

Notes

mdeslaur

ccdm94

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references