CVE-2023-4806
Advisory title
RHSA-2023:5455: glibc security update (Important)
Description
glibc: potential use-after-free in getaddrinfo()
In a rare situation, getaddrinfo() can access memory that has already been freed and crash the calling application. The bug is reachable only when an NSS module implements the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing _nss_*_gethostbyname3_r, the resolved name returns a large number of IPv6 and IPv4 addresses, and the lookup is made with the AF_INET6 address family and the AI_CANONNAME, AI_ALL and AI_V4MAPPED flags. The impact is a crash (denial of service); the CVSS vector below records no confidentiality or integrity impact.
Red Hat statement
This issue is only exploitable with very specific conditions, as detailed in the description. However, all glibc versions shipped in Red Hat Enterprise Linux are vulnerable to this issue.
CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | glibc-0:2.28-225.el8_8.6 | RHSA-2023:5455 | 2023-10-05 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | glibc-0:2.28-189.8.el8_6 | RHSA-2023:7409 | 2023-11-21 |
| Red Hat Enterprise Linux 9 | glibc-0:2.34-60.el9_2.7 | RHSA-2023:5453 | 2023-10-05 |
| Red Hat Enterprise Linux 9 | glibc-0:2.34-100.el9 | RHBA-2024:2413 | 2024-04-30 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | glibc-0:2.28-189.8.el8_6 | RHSA-2023:7409 | 2023-11-21 |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | compat-glibc | Out of support scope |
| Red Hat Enterprise Linux 6 | glibc | Out of support scope |
| Red Hat Enterprise Linux 7 | compat-glibc | Will not fix |
| Red Hat Enterprise Linux 7 | glibc | Will not fix |
Apply commands
yum update -y glibc
# or:
dnf upgrade -y glibc
# glibc is mapped into every running process, so restart long-running services
# (or reboot) after the update; a process that still has the old library mapped
# remains vulnerable until it is restarted.
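The update commands install the fix; they do not tell you which hosts already have it. The following Python is an added example (not part of the advisory, of rpm, or of Red Hat's tooling) that takes the output of `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' glibc` and compares it with the fixed EVRs from the errata table, using a port of the segment comparison in rpm's rpmvercmp(). The sample rpm output lines and the dist-tag-to-advisory mapping are constructed for the example.

```python
"""Check installed glibc EVRs against the fixed versions in the errata table.

Added example for this page, not code from rpm or Red Hat. rpmvercmp() is a
port of the segment comparison in rpm's lib/rpmvercmp.c.
"""
import re

# Fixed EVRs (epoch:version-release) from the errata table above, keyed by
# the dist tag that appears in the package release.
FIXED_GLIBC = {
    "el8_8": "0:2.28-225.el8_8.6",   # RHSA-2023:5455, RHEL 8
    "el8_6": "0:2.28-189.8.el8_6",   # RHSA-2023:7409, RHEL 8.6 EUS / RHV 4
    "el9_2": "0:2.34-60.el9_2.7",    # RHSA-2023:5453, RHEL 9
    "el9":   "0:2.34-100.el9",       # RHBA-2024:2413, RHEL 9
}

# Constructed sample of: rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' glibc
# gathered from five hosts. rpm prints "(none)" when no epoch is set.
SAMPLE_RPM_OUTPUT = """\
(none):2.28-225.el8_8.5
0:2.28-225.el8_8.6
(none):2.34-60.el9_2.5
(none):2.34-100.el9
(none):2.17-326.el7_9
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does: -1, 0 or 1.

    Alternating numeric/alpha segments; numeric segments compare as numbers,
    alpha segments as strings, a numeric segment beats an alpha one, '~'
    sorts before anything (even the end of the string), '^' sorts after the
    end of the string but before any other segment.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if ca == "":
                return -1
            if cb == "":
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "" or cb == "":
            break
        si, sj = i, j
        isnum = ca.isdigit()
        kind = str.isdigit if isnum else str.isalpha
        while i < len(a) and kind(a[i]):
            i += 1
        while j < len(b) and kind(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:                # segment types differ: numeric is newer
            return 1 if isnum else -1
        if isnum:                    # strip leading zeros, longer number wins
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_evr(evr: str):
    """Split 'epoch:version-release' into its three parts; no epoch means 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    for x, y in zip(parse_evr(a), parse_evr(b)):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


def check_glibc(installed_evr: str):
    """Return (patched, fixed_evr); patched is None when the table has no entry
    for this dist tag (e.g. RHEL 7, which the vendor will not fix)."""
    _, _, release = parse_evr(installed_evr)
    m = re.search(r"\.(el\d+(?:_\d+)?)", release)
    fixed = FIXED_GLIBC.get(m.group(1)) if m else None
    if fixed is None:
        return None, None
    return evr_cmp(installed_evr, fixed) >= 0, fixed


def check_rpm_output(text: str):
    """One (installed, patched, fixed) tuple per non-empty rpm output line."""
    return [(ln, *check_glibc(ln)) for ln in text.splitlines() if ln.strip()]


if __name__ == "__main__":
    for installed, patched, fixed in check_rpm_output(SAMPLE_RPM_OUTPUT):
        print(f"{installed:28} patched={patched} fixed={fixed}")
```

The constructed sample yields not patched, patched, not patched, patched, and "no fix available" for the el7_9 host, which matches the "Will not fix" state above. A package query only shows what is on disk; pair it with a check for processes still mapping the old libc (for example `lsof | grep 'DEL.*libc'` or `needs-restarting` on RHEL) before closing the ticket.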
OS impact
Fedora Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 39 | Affected | n/a |
| 38 | Affected | n/a |
| 37 | Affected | n/a |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| unspecified | Affected | n/a |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.37-10 |
| sid | Fixed | 2.37-10 |
| forky | Fixed | 2.37-10 |
| bullseye | Affected | n/a |
| bookworm | Fixed | 2.36-9+deb12u3 |
Red Hat Mixed 8 releases
| Version | Status | Fixed in |
|---|---|---|
| 9.2 | Affected | n/a |
| 9.0_aarch64 | Affected | n/a |
| 9.0 | Affected | n/a |
| 9 | Fixed | n/a |
| 8.8 | Affected | n/a |
| 8.0 | Affected | n/a |
| 8 | Fixed | n/a |
| 7.0 | Affected | n/a |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | glibc-locale-source-2.34-60.el9_2.7.aarch64.rpm |
| 8 | Fixed | glibc-doc-2.28-225.el8_8.6.noarch.rpm |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | n/a |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gnu | glibc | 2.33 | |
| redhat | codeready_linux_builder_eus | 9.2 | |
| redhat | codeready_linux_builder_eus_for_power_little_endian | 9.0_ppc64le | |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.2_ppc64le | |
| redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 | |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x | |
References
- https://access.redhat.com/errata/RHBA-2024:2413
- https://access.redhat.com/errata/RHSA-2023:5453
- https://access.redhat.com/errata/RHSA-2023:5455
- https://access.redhat.com/errata/RHSA-2023:7409
- https://access.redhat.com/security/cve/CVE-2023-4806
- https://bugzilla.redhat.com/show_bug.cgi?id=2237782
- http://www.openwall.com/lists/oss-security/2023/10/03/4
- http://www.openwall.com/lists/oss-security/2023/10/03/5
- http://www.openwall.com/lists/oss-security/2023/10/03/6
- http://www.openwall.com/lists/oss-security/2023/10/03/8
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
- https://security.gentoo.org/glsa/202310-03
- https://security.netapp.com/advisory/ntap-20240125-0008/
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-831302.html
- https://errata.rockylinux.org/RLSA-2023:5455
- https://www.suse.com/security/cve/CVE-2023-4806.html
- https://security-tracker.debian.org/tracker/CVE-2023-4806
- https://bugzilla.redhat.com/2234712
- https://bugzilla.redhat.com/2237798
- https://bugzilla.redhat.com/2238352
- https://errata.almalinux.org/8/ALSA-2023-5455.html
CWEs
CWE-416