CVE-2026-0915 - Vulnerability Details

- getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

Description

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Published: 2026-01-15

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Calling getnetbyaddr or its reentrant variant while the system’s nsswitch.conf directs glibc to use the DNS backend for network lookups can cause a stack‑based information leak. A zero‑valued network request triggers an out‑of‑bounds read that exposes raw stack data to the configured DNS resolver, compromising confidentiality.

Affected Systems

The flaw is present in GNU C Library versions 2.0 through 2.42. Any Linux system or application that links against one of these glibc releases and that has the DNS backend enabled for network lookups is potentially affected; the vulnerability resides in the library itself, not in specific applications.

Risk and Exploitability

The CVSS base score of 7.5 indicates moderate to high severity, while the EPSS score is less than 1%, implying a low likelihood of exploitation and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires code to invoke getnetbyaddr with a zero network address and a configuration that forwards the request to the DNS backend, which can be achieved by modifying nsswitch.conf. Attackers capable of altering system configuration or controlling DNS responses are the most likely threat actors.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

The GNU C Library

glibc

unaffected

Version	Status	Constraints
`2.0`	affected	≤ 2.42

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Gnu	Glibc	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any available glibc patches or updates from the official GNU project repositories.
Edit the nsswitch.conf file to disable the DNS backend for the ‘networks’ entry, e.g., replace ‘dns’ with ‘files’ or remove the entry entirely.
Avoid calling getnetbyaddr or getnetbyaddr_r with a zero network value; ensure application code validates network parameters before invoking the functions.

Generated by OpenCVE AI on April 18, 2026 at 16:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
http://www.openwall.com/lists/oss-security/2026/01/16/6
https://nvd.nist.gov/vuln/detail/CVE-2026-0915
https://sourceware.org/bugzilla/show_bug.cgi?id=33802
https://www.cve.org/CVERecord?id=CVE-2026-0915

History

Fri, 23 Jan 2026 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gnu:glibc::::::::

Tue, 20 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Fri, 16 Jan 2026 18:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2026/01/16/6

Fri, 16 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gnu Gnu glibc
Vendors & Products		Gnu Gnu glibc

Fri, 16 Jan 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-0915 https://www.cve.org/CVERecord?id=CVE-2026-0915
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}` threat_severity `Moderate`

Thu, 15 Jan 2026 22:15:00 +0000

Type	Values Removed	Values Added
Description		Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
Title		getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler
Weaknesses		CWE-908
References		https://sourceware.org/bugzilla/show_bug.cgi?id=33802

Subscriptions

Gnu Glibc

MITRE

Status: PUBLISHED

Assigner: glibc

Published: 2026-01-15T22:08:41.630Z

Updated: 2026-01-20T16:03:52.590Z

Reserved: 2026-01-13T19:02:42.388Z

Link: CVE-2026-0915

Vulnrichment

Updated: 2026-01-16T17:06:43.013Z

NVD

Status : Analyzed

Published: 2026-01-15T22:16:12.457

Modified: 2026-01-23T19:36:50.730

Link: CVE-2026-0915

Redhat

Severity : Moderate

Publid Date: 2026-01-15T22:08:41Z

Links: CVE-2026-0915 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T16:15:04Z

Weaknesses

CWE-908

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object