CVE-2023-4527
moderate-risk
Published 2023-09-18
A flaw was found in glibc's stub resolver. When getaddrinfo is called with the AF_UNSPEC address family on a system whose /etc/resolv.conf sets the no-aaaa option, a DNS response delivered over TCP that is larger than 2048 bytes can make the function read beyond a stack buffer: stack contents may be handed back to the caller as address data, and the process may crash. All three conditions must hold, so the no-aaaa option (introduced upstream in glibc 2.36; some distributions backported it to older releases) is the practical precondition to check for. The oversized response is supplied by whoever can answer the host's DNS queries, for example an attacker controlling a nameserver the host uses or spoofing replies on the path.
Do I need to act?
EPSS: 0.10% (estimated probability of exploitation activity in the next 30 days; low)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: not tracked on this page. The Red Hat errata, Gentoo GLSA and NetApp advisory listed under References are the vendor sources to check for fix availability and mitigation guidance. Because the flaw is only reachable with the no-aaaa resolver option set, removing that option from /etc/resolv.conf (and from the RES_OPTIONS environment variable, which glibc also honours) closes the affected code path until a fixed glibc is installed.
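The exposure check a practitioner would run follows, as an added example that is not part of the advisory or of glibc. It looks for the no-aaaa token on uncommented options lines of a resolv.conf file and in RES_OPTIONS, and reports the running glibc version next to the verdict. The function names (resolv_has_no_aaaa, env_has_no_aaaa, check_host) and the two sample resolv.conf files are assumptions constructed here so the script runs offline; the version number is printed for comparison against the vendor advisory rather than used to decide vulnerability, because distributions that backported no-aaaa are affected regardless of upstream version.

```shell
#!/bin/sh
# Added exposure check for CVE-2023-4527 (example code, not from the advisory or glibc).
# The CVE is only reachable when the resolver runs in no-aaaa mode, so the check
# answers one question: is no-aaaa configured on this host?

# resolv_has_no_aaaa FILE
# Returns 0 if an uncommented "options" line in FILE carries the no-aaaa token,
# 1 otherwise. resolv.conf comments start with '#' or ';' and may trail a line;
# several "options" lines may appear and all are honoured, so every one is scanned.
resolv_has_no_aaaa() {
    file="$1"
    [ -r "$file" ] || return 1
    sed -e 's/[#;].*$//' "$file" \
        | awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i == "no-aaaa") found = 1 }
               END { exit found ? 0 : 1 }'
}

# env_has_no_aaaa VALUE
# RES_OPTIONS is a space-separated list that overrides resolv.conf, so a clean
# file is not enough. Returns 0 if VALUE contains the exact no-aaaa token.
env_has_no_aaaa() {
    for tok in $1; do
        [ "$tok" = "no-aaaa" ] && return 0
    done
    return 1
}

# check_host
# Prints a one-line verdict for the running system. The glibc version is shown
# for comparison with the vendor advisory, not used to decide exposure.
check_host() {
    glibc_ver=$(getconf GNU_LIBC_VERSION 2>/dev/null || echo unknown)
    if resolv_has_no_aaaa /etc/resolv.conf || env_has_no_aaaa "${RES_OPTIONS:-}"; then
        printf '%s\n' "no-aaaa ENABLED (glibc: $glibc_ver): CVE-2023-4527 code path is reachable; install the vendor fix or drop no-aaaa"
    else
        printf '%s\n' "no-aaaa not set (glibc: $glibc_ver): CVE-2023-4527 code path is not reachable"
    fi
}

# Constructed sample files for an offline demonstration (not real system files).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
cat > "$tmpdir/vulnerable.conf" <<'EOF'
# generated by NetworkManager
nameserver 192.0.2.53
options ndots:2 no-aaaa timeout:3
EOF
cat > "$tmpdir/clean.conf" <<'EOF'
nameserver 192.0.2.53
; options no-aaaa   <- commented out, must not count
options edns0
EOF

check_host
```

Run it as-is to get the verdict for the current host; to audit a fleet, call resolv_has_no_aaaa against copies of each host's /etc/resolv.conf and remember that a container or chroot carries its own file.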
CVSS 6.5/10 (Medium): attack vector Network, attack complexity High
Affected Products (20)
CodeReady Linux Builder EUS for Power, little endian
CodeReady Linux Builder EUS for Power, little endian, EUS
CodeReady Linux Builder for ARM64
CodeReady Linux Builder for ARM64 EUS
CodeReady Linux Builder for IBM Z Systems
CodeReady Linux Builder for IBM Z Systems EUS
Enterprise Linux for IBM Z Systems (s390x)
References
Third Party Advisory: https://access.redhat.com/errata/RHSA-2023:5453
Third Party Advisory: https://access.redhat.com/errata/RHSA-2023:5455
Third Party Advisory: https://access.redhat.com/security/cve/CVE-2023-4527
Third Party Advisory: https://security.gentoo.org/glsa/202310-03
Third Party Advisory: https://security.netapp.com/advisory/ntap-20231116-0012/
Risk score: 43/100 (moderate-risk)
Severity: 20/34, Moderate
Exploitability: 0/34, Minimal
Exposure: 23/34, High