CVE-2023-4806

Published: 18 September 2023

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4 addresses, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
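To check whether any NSS module on a host has the hook layout described above, the following added example (not part of the original advisory or of glibc) classifies the dynamic symbols of a module as printed by GNU nm. The sample symbol listing and the service names in it are constructed, and the check encodes only the condition stated in the description.

```python
import re
import subprocess
import sys
from collections import defaultdict

# The three hooks named in the CVE description. The service part may itself
# contain underscores, so it is matched non-greedily up to the hook name.
HOOK_RE = re.compile(
    r"\b_nss_(\w+?)_(gethostbyname2_r|gethostbyname3_r|getcanonname_r)\b")

def hooks_by_service(nm_output):
    """Map NSS service name -> set of relevant hooks seen in nm output."""
    found = defaultdict(set)
    for service, hook in HOOK_RE.findall(nm_output):
        found[service].add(hook)
    return dict(found)

def matches_cve_pattern(hooks):
    """True if gethostbyname2_r and getcanonname_r exist without gethostbyname3_r."""
    needed = {"gethostbyname2_r", "getcanonname_r"}
    return needed <= hooks and "gethostbyname3_r" not in hooks

def audit(nm_output):
    """Return the sorted service names whose hook set matches the description."""
    return sorted(svc for svc, hooks in hooks_by_service(nm_output).items()
                  if matches_cve_pattern(hooks))

def scan_module(path):
    """Run GNU nm on one shared object and audit its defined dynamic symbols."""
    proc = subprocess.run(["nm", "-D", "--defined-only", path],
                          capture_output=True, text=True, check=False)
    return audit(proc.stdout)

# Constructed nm-style listing: "example" matches, "full" implements all three
# hooks, "my_svc" implements only one (with a constructed version suffix).
SAMPLE_NM = """\
0000000000002a10 T _nss_example_gethostbyname2_r
0000000000002c40 T _nss_example_getcanonname_r
0000000000003100 T _nss_full_gethostbyname2_r
0000000000003300 T _nss_full_gethostbyname3_r
0000000000003500 T _nss_full_getcanonname_r
0000000000004000 T _nss_my_svc_gethostbyname2_r@@EXAMPLE_1.0
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for module in sys.argv[1:]:
            print(module, scan_module(module) or "no match")
    else:
        print("sample:", audit(SAMPLE_NM))
```

Pass the paths of the installed libnss_*.so.2 files as arguments to audit real modules; with no arguments the script runs on the constructed sample.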

Notes

Priority reason: No known NSS modules expose the vulnerability

mdeslaur:
This is only an issue when using an NSS module with a very specific behaviour. There are no known NSS modules which are implemented this way.

The fix for this issue introduced a leak, identified as CVE-2023-5156, which was later fixed with a subsequent commit.

Older releases require backporting a dozen refactoring commits.

ccdm94:
One of the refactoring commits needed to fix this issue is also the fix for CVE-2023-4813.

Priority

Low

Cvss 3 Severity Score

5.9

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
bionic: Does not exist
focal: Does not exist
jammy: Does not exist
lunar: Does not exist
mantic: Does not exist
trusty: Needs triage
upstream: Needs triage
xenial: Does not exist

glibc
Launchpad, Ubuntu, Debian
bionic: Released (2.27-3ubuntu1.6+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal: Released (2.31-0ubuntu9.14)
jammy: Released (2.35-0ubuntu3.5)
lunar: Released (2.37-0ubuntu2.2)
mantic: Released (2.38-1ubuntu5)
trusty: Ignored (end of standard support)
upstream: Needs triage
xenial: Released (2.23-0ubuntu11.3+esm5), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=00ae4f10b504bc4564e9f22f00907093f1ab9338
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6529a7466c935f36e9006b854d6f4e1d4876f942
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9728f798ec7f05454c95637ee6581afaa9b487d
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3ccb230a961b4797510e6a1f5f21fd9021853e7
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e09ee267c03e3150c2c9ba28625ab130705a485e

Severity score breakdown

Parameter Value
Base score 5.9
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H