A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
35
Affected Products
14
References
gnu / glibc
| - |
| redhat | codeready_linux_builder_eus | - | - |
| redhat | codeready_linux_builder_eus_for_power_little_endian | - | - |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | - | - |
| redhat | codeready_linux_builder_for_arm64 | - | - |
| redhat | codeready_linux_builder_for_arm64_eus | - | - |
| redhat | codeready_linux_builder_for_ibm_z_systems | - | - |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | - | - |
| redhat | enterprise_linux | - | - |
| redhat | enterprise_linux | - | - |
| redhat | enterprise_linux_eus | - | - |
| redhat | enterprise_linux_eus | - | - |
| redhat | enterprise_linux_for_arm_64 | - | - |
| redhat | enterprise_linux_for_arm_64_eus | - | - |
| redhat | enterprise_linux_for_ibm_z_systems | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_s390x | - | - |
| redhat | enterprise_linux_for_power_little_endian | - | - |
| redhat | enterprise_linux_for_power_little_endian | - | - |
| redhat | enterprise_linux_for_power_little_endian_eus | - | - |
| redhat | enterprise_linux_for_power_little_endian_eus | - | - |
| redhat | enterprise_linux_server_aus | - | - |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | - | - |
| redhat | enterprise_linux_tus | - | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
| netapp | h300s_firmware | - | - |
| netapp | h500s_firmware | - | - |
| netapp | h700s_firmware | - | - |
| netapp | h410s_firmware | - | - |
| netapp | h410c_firmware | - | - |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Exploitability
Impact