A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
Fixes

Solution

No solution given by the vendor.


Workaround

Removing the "SUCCESS=continue" or "SUCCESS=merge" configuration from the hosts database in /etc/nsswitch.conf will mitigate this vulnerability. Note that, these options are not supported by the hosts database, if they were working before it was because of this bug.

History

Fri, 26 Sep 2025 12:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Wed, 30 Apr 2025 20:45:00 +0000

Type Values Removed Values Added
References

Fri, 22 Nov 2024 12:00:00 +0000


Mon, 16 Sep 2024 14:45:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-26T11:43:46.227Z

Reserved: 2023-09-07T01:12:09.809Z

Link: CVE-2023-4813

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-12T22:15:08.277

Modified: 2025-09-26T12:15:34.583

Link: CVE-2023-4813

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-03-01T00:00:00Z

Links: CVE-2023-4813 - Bugzilla

cve-icon OpenCVE Enrichment

No data.