Description
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.

These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
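To make the missing check concrete, here is an added example (not glibc code) of the rdlength validation the deprecated printers omit, for two of the record types named above: a bounds-checked walk over TSIG RDATA (RFC 8945 field layout) and the fixed-size LOC check. The byte arrays are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not glibc code: the rdlength validation the deprecated
 * printers omit, for two of the record types named in the advisory. */

/* Skip an uncompressed name; returns bytes consumed, or 0 when the name is
 * truncated or uses a compression pointer (never valid inside TSIG RDATA). */
static size_t skip_name(const uint8_t *p, size_t len) {
    size_t i = 0;
    while (i < len) {
        uint8_t lab = p[i++];
        if (lab == 0) return i;          /* root label: done */
        if (lab & 0xC0) return 0;        /* compression pointer: reject */
        if (lab > len - i) return 0;     /* label runs past rdlength */
        i += lab;
    }
    return 0;                            /* no terminating root label */
}

/* TSIG RDATA (RFC 8945): algorithm name, time signed (6), fudge (2),
 * MAC size (2), MAC, original ID (2), error (2), other len (2), other data.
 * Every length field is checked against the bytes actually present. */
bool tsig_rdata_valid(const uint8_t *rdata, size_t rdlength) {
    size_t off = skip_name(rdata, rdlength);
    if (off == 0 || rdlength - off < 10) return false;
    size_t mac_size = ((size_t)rdata[off + 8] << 8) | rdata[off + 9];
    off += 10;
    if (mac_size > rdlength - off) return false;   /* MAC would overread */
    off += mac_size;
    if (rdlength - off < 6) return false;
    size_t other_len = ((size_t)rdata[off + 4] << 8) | rdata[off + 5];
    off += 6;
    return other_len == rdlength - off;            /* exact fit, no overread */
}

/* LOC RDATA (RFC 1876) is a fixed 16-byte structure. */
bool loc_rdata_valid(size_t rdlength) { return rdlength == 16; }

/* Constructed sample: algorithm "hmac-sha256.", fudge 300, 2-byte MAC. */
const uint8_t good_tsig[31] = {
    11,'h','m','a','c','-','s','h','a','2','5','6',0,   /* name, 13 bytes */
    0,0,0,0,0,0, 0x01,0x2c, 0,2, 0xAB,0xCD, 0x12,0x34, 0,0, 0,0 };
/* Same bytes but MAC size 0xFF02: claims far more MAC than is present. */
const uint8_t bad_tsig[31] = {
    11,'h','m','a','c','-','s','h','a','2','5','6',0,
    0,0,0,0,0,0, 0x01,0x2c, 0xFF,2, 0xAB,0xCD, 0x12,0x34, 0,0, 0,0 };
```

A printer that runs such a check before dereferencing each field fails closed on a malformed response instead of reading past the RDATA.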
Published: 2026-04-28
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The glibc functions ns_printrrf, ns_printrr and fp_nquery do not validate the RDATA length against the actual data in a DNS response for A6, CERT, LOC, TKEY or TSIG records. An attacker who can control such a response could trigger a buffer over-read that causes the application to read uninitialized memory or crash. This corresponds to CWE-126 (Buffer Over-read) and CWE-1284 (Improper Validation of Specified Quantity in Input) and may lead to denial of service or inadvertent disclosure of memory contents.

Affected Systems

Affected vendor: GNU C Library (glibc). All versions between 2.0.1 and 2.43 contain the vulnerable debug functions. They were deprecated in 2.34 and remain in the code base for backward compatibility. Any application that invokes ns_printrrf, ns_printrr or fp_nquery—typically only for diagnostic purposes—may be impacted; standard DNS resolvers that do not call these functions are effectively immune.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate impact. The EPSS score of less than 1% shows a low likelihood of exploitation, and the vulnerability is not listed in CISA's KEV catalog. The attack path requires an adversary to influence a DNS response destined for an application that has called one of the deprecated debug functions. Because these functions are rarely used outside of debugging and are not part of the main DNS resolver path, the practical exploitation window is narrow. If an application does not call them, the risk is effectively zero. When invoked, the buffer overread can cause a crash or unintended disclosure of memory contents.

Generated by OpenCVE AI on June 19, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Refactor application code to eliminate calls to ns_printrrf, ns_printrr and fp_nquery and use standard DNS resolution APIs
  • Upgrade to the latest available glibc release, which may remove or disable the deprecated debug functions
  • If legacy diagnostics must continue, compile the application with the NDEBUG or equivalent macro to disable debug-mode DNS queries



Advisories

No advisories yet.

History

Fri, 19 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 19 Jun 2026 21:15:00 +0000

Type | Values Removed | Values Added
Description | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Wed, 06 May 2026 00:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Redhat; Redhat hummingbird
Weaknesses | | CWE-1284
CPEs | | cpe:/a:redhat:hummingbird:1
Vendors & Products | | Redhat; Redhat hummingbird
References | |
Metrics | threat_severity None | threat_severity Moderate

Mon, 04 May 2026 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Gnu; Gnu glibc
CPEs | | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Vendors & Products | | Gnu; Gnu glibc

Tue, 28 Apr 2026 22:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

Tue, 28 Apr 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | The Gnu C Library; The Gnu C Library glibc
Vendors & Products | | The Gnu C Library; The Gnu C Library glibc

Tue, 28 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
Title | | Buffer overread in ns_printrrf with corrupted RDATA field
Weaknesses | | CWE-126
References | |

MITRE

Status: PUBLISHED

Assigner: glibc

Published:

Updated: 2026-06-19T20:40:00.060Z

Reserved: 2026-04-13T16:56:08.986Z

Link: CVE-2026-6238

Vulnrichment

Updated: 2026-04-28T18:50:28.370Z

NVD

Status : Analyzed

Published: 2026-04-28T19:37:47.523

Modified: 2026-06-17T11:00:31.550

Link: CVE-2026-6238

Redhat

Severity : Moderate

Public Date: 2026-04-28T16:43:08Z

Links: CVE-2026-6238 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-19T23:00:12Z

Weaknesses
  • CWE-126: Buffer Over-read
  • CWE-1284: Improper Validation of Specified Quantity in Input