A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Gnu
  • Glibc
Netapp
  • H300s
  • H300s Firmware
  • H410c
  • H410c Firmware
  • H410s
  • H410s Firmware
  • H500s
  • H500s Firmware
  • H700s
  • H700s Firmware
Redhat
  • Codeready Linux Builder Eus
  • Codeready Linux Builder Eus For Power Little Endian
  • Codeready Linux Builder Eus For Power Little Endian Eus
  • Codeready Linux Builder For Arm64
  • Codeready Linux Builder For Arm64 Eus
  • Codeready Linux Builder For Ibm Z Systems
  • Codeready Linux Builder For Ibm Z Systems Eus
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64
  • Enterprise Linux For Arm 64 Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Ibm Z Systems Eus S390x
  • Enterprise Linux For Ibm Z Systems S390x
  • Enterprise Linux For Power Little Endian
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
  • Enterprise Linux Tus

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
glibc-0:2.28-225.el8_8.6 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:5455 2023-10-05T00:00:00Z
glibc-0:2.28-225.el8_8.6 cpe:/o:redhat:enterprise_linux:8 RHSA-2023:5455 2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9
glibc-0:2.34-60.el9_2.7 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:5453 2023-10-05T00:00:00Z
glibc-0:2.34-60.el9_2.7 cpe:/o:redhat:enterprise_linux:9 RHSA-2023:5453 2023-10-05T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2023:5453 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5455 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-4527 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2234712 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-4527 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-4527 cve-icon
History

Mon, 16 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-18T16:32:18.597Z

Updated: 2024-09-16T13:48:49.572Z

Reserved: 2023-08-24T19:36:21.484Z

Link: CVE-2023-4527

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-18T17:15:55.067

Modified: 2024-09-16T14:15:12.243

Link: CVE-2023-4527

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-09-12T00:00:00Z

Links: CVE-2023-4527 - Bugzilla