RHSA-2026:7316

Vulnerability from csaf_redhat - Published: 2026-04-09 14:13 - Updated: 2026-04-23 22:55
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Moderate
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.

CWE-908 - Use of Uninitialized Resource
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7316
Workaround: To mitigate this issue, consider refactoring the use of the wordexp function to not use the WRDE_REUSE and WRDE_APPEND flags together.

A flaw was found in the glibc library. When an excessively large alignment value is passed to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc and pvalloc), an integer overflow can occur during internal size calculations because of improper overflow checks, causing a small chunk of memory to be allocated and subsequently written to. This issue can result in an application crash or heap memory corruption.

CWE-190 - Integer Overflow or Wraparound
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7316
Workaround: Applications calling one of the vulnerable functions and allowing the alignment parameter to be set by user-controlled input can implement additional validation checks, ensuring the alignment value is a power of two and does not exceed a sane limit, for example the system page size or a maximum of 64KB. This prevents the excessively large value required to trigger the integer overflow.
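The validation the workaround describes, written out as an added C example (this is not Red Hat's or glibc's code): a wrapper around posix_memalign that accepts an alignment only if it is a power of two, at least sizeof(void *), and no larger than an assumed 64 KiB ceiling, so the oversized values the overflow needs never reach the allocator. The wrapper name checked_aligned_alloc, the helper alloc_is_aligned and the MAX_SAFE_ALIGNMENT constant are this example's own; the sample alignments in main are constructed.

```c
/* Added example, not Red Hat's or glibc's code: reject untrusted alignment
 * values before they reach posix_memalign(), as the advisory's workaround
 * suggests. Assumed limit: 64 KiB (the advisory's example figure); the page
 * size from sysconf(_SC_PAGESIZE) is the other ceiling the advisory mentions. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Largest alignment this wrapper is willing to forward to the allocator. */
#define MAX_SAFE_ALIGNMENT ((size_t)64 * 1024)

static bool is_power_of_two(size_t v)
{
    return v != 0 && (v & (v - 1)) == 0;
}

/* An alignment is accepted only if it is a power of two, at least
 * sizeof(void *) (posix_memalign's own requirement), and at most
 * MAX_SAFE_ALIGNMENT. SIZE_MAX-style values fail the power-of-two test. */
bool alignment_is_safe(size_t alignment)
{
    return is_power_of_two(alignment)
        && alignment >= sizeof(void *)
        && alignment <= MAX_SAFE_ALIGNMENT;
}

/* Hypothetical wrapper: validates the alignment up front, then delegates to
 * posix_memalign(). Returns NULL with errno set: EINVAL for a rejected
 * alignment, or the allocator's own error code. */
void *checked_aligned_alloc(size_t alignment, size_t size)
{
    if (!alignment_is_safe(alignment)) {
        errno = EINVAL;
        return NULL;
    }
    void *p = NULL;
    int rc = posix_memalign(&p, alignment, size);
    if (rc != 0) {
        errno = rc;   /* posix_memalign reports failure via its return value */
        return NULL;
    }
    return p;
}

/* Self-check helper: allocate 128 bytes at the given alignment, confirm the
 * address really is aligned, free it. Returns false if the alignment was
 * rejected or the allocation failed. */
bool alloc_is_aligned(size_t alignment)
{
    void *p = checked_aligned_alloc(alignment, 128);
    if (p == NULL)
        return false;
    bool ok = ((uintptr_t)p % alignment) == 0;
    free(p);
    return ok;
}

int main(void)
{
    /* Constructed sample inputs: a few sane alignments and a few that a
     * caller must never forward to the allocator. */
    const size_t samples[] = { 16, 4096, 65536, 0, 3, (size_t)1 << 20, SIZE_MAX - 15 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        void *p = checked_aligned_alloc(samples[i], 128);
        printf("alignment %zu: %s\n", samples[i], p ? "accepted" : "rejected");
        free(p);   /* free(NULL) is a no-op */
    }
    return 0;
}
```

The check is deliberately stricter than glibc's own contract: posix_memalign only requires a power-of-two multiple of sizeof(void *), and it is the missing upper bound that lets an attacker-chosen value drive the internal size computation into an overflow. Pick the ceiling from what the application actually needs (cache line, page, or huge-page alignment) rather than from what the allocator tolerates.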

A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.

CWE-908 - Use of Uninitialized Resource
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7316
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in glibc. When calling NSS-backed functions that support caching via nscd, the nscd client under high load on x86_64 systems may call the memcmp function on inputs that are concurrently modified by other processes or threads, causing a crash and resulting in a denial of service.

CWE-366 - Race Condition within a Thread
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7316
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.

CWE-1286 - Improper Validation of Syntactic Correctness of Input
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7316
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.

CWE-838 - Inappropriate Encoding for Output Context
Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://images.redhat.com/ and https://access.redhat.com/errata/RHSA-2026:7316
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
https://access.redhat.com/errata/RHSA-2026:7316 self
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2026-3904 external
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2025-15281 external
https://access.redhat.com/security/cve/CVE-2026-4438 external
https://access.redhat.com/security/cve/CVE-2026-4437 external
https://access.redhat.com/security/cve/CVE-2026-0915 external
https://access.redhat.com/security/cve/CVE-2026-0861 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2025-15281 self
https://bugzilla.redhat.com/show_bug.cgi?id=2431196 external
https://www.cve.org/CVERecord?id=CVE-2025-15281 external
https://nvd.nist.gov/vuln/detail/CVE-2025-15281 external
https://sourceware.org/bugzilla/show_bug.cgi?id=33814 external
https://access.redhat.com/security/cve/CVE-2026-0861 self
https://bugzilla.redhat.com/show_bug.cgi?id=2429771 external
https://www.cve.org/CVERecord?id=CVE-2026-0861 external
https://nvd.nist.gov/vuln/detail/CVE-2026-0861 external
https://sourceware.org/bugzilla/show_bug.cgi?id=33796 external
https://access.redhat.com/security/cve/CVE-2026-0915 self
https://bugzilla.redhat.com/show_bug.cgi?id=2430201 external
https://www.cve.org/CVERecord?id=CVE-2026-0915 external
https://nvd.nist.gov/vuln/detail/CVE-2026-0915 external
https://sourceware.org/bugzilla/show_bug.cgi?id=33802 external
https://access.redhat.com/security/cve/CVE-2026-3904 self
https://bugzilla.redhat.com/show_bug.cgi?id=2446533 external
https://www.cve.org/CVERecord?id=CVE-2026-3904 external
https://nvd.nist.gov/vuln/detail/CVE-2026-3904 external
https://sourceware.org/bugzilla/show_bug.cgi?id=29863 external
https://sourceware.org/git/?p=glibc.git;a=blob_pl… external
https://sourceware.org/git/?p=glibc.git;a=commit;… external
https://sourceware.org/git/?p=glibc.git;a=commit;… external
https://access.redhat.com/security/cve/CVE-2026-4437 self
https://bugzilla.redhat.com/show_bug.cgi?id=2449777 external
https://www.cve.org/CVERecord?id=CVE-2026-4437 external
https://nvd.nist.gov/vuln/detail/CVE-2026-4437 external
https://sourceware.org/bugzilla/show_bug.cgi?id=34014 external
https://access.redhat.com/security/cve/CVE-2026-4438 self
https://bugzilla.redhat.com/show_bug.cgi?id=2449783 external
https://www.cve.org/CVERecord?id=CVE-2026-4438 external
https://nvd.nist.gov/vuln/detail/CVE-2026-4438 external
https://sourceware.org/bugzilla/show_bug.cgi?id=34015 external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:7316",
        "url": "https://access.redhat.com/errata/RHSA-2026:7316"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-3904",
        "url": "https://access.redhat.com/security/cve/CVE-2026-3904"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-15281",
        "url": "https://access.redhat.com/security/cve/CVE-2025-15281"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4438",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4438"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4437",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4437"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-0915",
        "url": "https://access.redhat.com/security/cve/CVE-2026-0915"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-0861",
        "url": "https://access.redhat.com/security/cve/CVE-2026-0861"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7316.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-04-23T22:55:54+00:00",
      "generator": {
        "date": "2026-04-23T22:55:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:7316",
      "initial_release_date": "2026-04-09T14:13:59+00:00",
      "revision_history": [
        {
          "date": "2026-04-09T14:13:59+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-23T22:52:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-23T22:55:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glibc-main@aarch64",
                "product": {
                  "name": "glibc-main@aarch64",
                  "product_id": "glibc-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/compat-libpthread-nonshared@2.42-11.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glibc-main@x86_64",
                "product": {
                  "name": "glibc-main@x86_64",
                  "product_id": "glibc-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/compat-libpthread-nonshared@2.42-11.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glibc-main@src",
                "product": {
                  "name": "glibc-main@src",
                  "product_id": "glibc-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glibc@2.42-11.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glibc-main@noarch",
                "product": {
                  "name": "glibc-main@noarch",
                  "product_id": "glibc-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glibc-doc@2.42-11.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:glibc-main@aarch64"
        },
        "product_reference": "glibc-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:glibc-main@noarch"
        },
        "product_reference": "glibc-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:glibc-main@src"
        },
        "product_reference": "glibc-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:glibc-main@x86_64"
        },
        "product_reference": "glibc-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-15281",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "discovery_date": "2026-01-20T14:01:12.320264+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431196"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to find an application linked to the glibc library that is using the wordexp function with the flags WRDE_REUSE and WRDE_APPEND. Also, calls to wordexp using both flags never worked correctly and thus the existence of applications that make use of this feature is unlikely. There is no known application vulnerable to this issue.\n\nFurthermore, this flaw will result in a denial of service with no other security impact.\n\nDue to these reasons, this vulnerability has been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:glibc-main@aarch64",
          "Red Hat Hardened Images:glibc-main@noarch",
          "Red Hat Hardened Images:glibc-main@src",
          "Red Hat Hardened Images:glibc-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15281"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431196",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431196"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33814"
        }
      ],
      "release_date": "2026-01-20T13:22:46.495000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-09T14:13:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7316"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, consider refactoring the use of the wordexp function to not use the WRDE_REUSE and WRDE_APPEND flags together.",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory"
    },
    {
      "cve": "CVE-2026-0861",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-01-14T22:01:10.975595+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2429771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: Integer overflow in memalign leads to heap corruption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to find an application linked to the glibc library that is using one of the vulnerable functions (memalign, posix_memalign, aligned_alloc, valloc or pvalloc) in a way that the alignment parameter can be user-controlled, allowing an attacker to trigger the integer overflow. However, the alignment parameter used by the functions is usually hard-coded power of two and do not allow arbitrary values, specially values supplied by a user. There is no known application vulnerable to this issue.\n\nAlso, default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and memory protections significantly increase the difficult of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this vulnerability has been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:glibc-main@aarch64",
          "Red Hat Hardened Images:glibc-main@noarch",
          "Red Hat Hardened Images:glibc-main@src",
          "Red Hat Hardened Images:glibc-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-0861"
        },
        {
          "category": "external",
          "summary": "RHBZ#2429771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-0861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33796"
        }
      ],
      "release_date": "2026-01-14T21:01:11.037000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-09T14:13:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7316"
        },
        {
          "category": "workaround",
          "details": "Applications calling one of the vulnerable functions and allowing the alignment parameter to be set by user-controlled input can implement additional validations checks, ensuring the alignment value is a power of two and does not exceed a sane limit, for example the system page size or a maximum of 64KB. This prevents the excessively large value required to trigger the integer overflow.",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glibc: Integer overflow in memalign leads to heap corruption"
    },
    {
      "cve": "CVE-2026-0915",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "discovery_date": "2026-01-15T23:01:26.157678+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2430201"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system\u0027s `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: glibc: Information disclosure via zero-valued network query",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat products. It allows for information disclosure of stack contents to a configured DNS resolver when an application utilizes `getnetbyaddr` or `getnetbyaddr_r` with a DNS backend specified in `nsswitch.conf` for a zero-valued network query. This affects Red Hat Enterprise Linux and OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:glibc-main@aarch64",
          "Red Hat Hardened Images:glibc-main@noarch",
          "Red Hat Hardened Images:glibc-main@src",
          "Red Hat Hardened Images:glibc-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-0915"
        },
        {
          "category": "external",
          "summary": "RHBZ#2430201",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430201"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-0915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802"
        }
      ],
      "release_date": "2026-01-15T22:08:41.630000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-09T14:13:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7316"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glibc: glibc: Information disclosure via zero-valued network query"
    },
    {
      "cve": "CVE-2026-3904",
      "cwe": {
        "id": "CWE-366",
        "name": "Race Condition within a Thread"
      },
      "discovery_date": "2026-03-11T14:01:17.825296+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2446533"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glibc. When calling NSS-backed functions that support caching via nscd, the nscd client under high load on x86_64 systems may call the memcmp function on inputs that are concurrently modified by other processes or threads, causing a crash and resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: nscd client crash on x86_64 under high nscd load",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is only exploitable via applications using NSS-backed functions that support caching via nscd under a high load on x86_64 systems. It depends on a race condition on inputs that are concurrently modified by other processes or threads during memory access, increasing the complexity of exploitation. Also, this flaw can only cause an application crash, limiting the security impact to a denial of service. Due to these reasons, this vulnerability has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:glibc-main@aarch64",
          "Red Hat Hardened Images:glibc-main@noarch",
          "Red Hat Hardened Images:glibc-main@src",
          "Red Hat Hardened Images:glibc-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-3904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2446533",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446533"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-3904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3904"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=29863",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29863"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0004;hb=HEAD",
          "url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0004;hb=HEAD"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/git/?p=glibc.git;a=commit;h=8804157ad9da39631703b92315460808eac86b0c",
          "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=8804157ad9da39631703b92315460808eac86b0c"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/git/?p=glibc.git;a=commit;h=b712be52645282c706a5faa038242504feb06db5",
          "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=b712be52645282c706a5faa038242504feb06db5"
        }
      ],
      "release_date": "2026-03-11T13:19:09.741000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-09T14:13:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7316"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glibc: nscd client crash on x86_64 under high nscd load"
    },
    {
      "cve": "CVE-2026-4437",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-03-20T21:01:45.993907+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449777"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This MODERATE impact flaw in glibc allows a remote attacker to send a specially crafted DNS response when an application uses `gethostbyaddr` or `gethostbyaddr_r` with glibc\u0027s DNS backend configured in `nsswitch.conf`. This can lead to incorrect interpretation of DNS responses. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as OpenShift Container Platform, are affected if applications are configured to use the vulnerable DNS backend.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:glibc-main@aarch64",
          "Red Hat Hardened Images:glibc-main@noarch",
          "Red Hat Hardened Images:glibc-main@src",
          "Red Hat Hardened Images:glibc-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4437"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449777",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4437",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
        }
      ],
      "release_date": "2026-03-20T19:59:00.427000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-09T14:13:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7316"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response"
    },
    {
      "cve": "CVE-2026-4438",
      "cwe": {
        "id": "CWE-838",
        "name": "Inappropriate Encoding for Output Context"
      },
      "discovery_date": "2026-03-20T21:02:16.458842+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449783"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a LOW impact flaw where glibc\u0027s `gethostbyaddr` and `gethostbyaddr_r` functions may return an invalid DNS hostname. This occurs when applications use a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend. This could lead to applications receiving incorrect hostname information, potentially affecting network operations or security decisions on Red Hat Enterprise Linux and OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:glibc-main@aarch64",
          "Red Hat Hardened Images:glibc-main@noarch",
          "Red Hat Hardened Images:glibc-main@src",
          "Red Hat Hardened Images:glibc-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4438"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449783",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449783"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
        }
      ],
      "release_date": "2026-03-20T19:59:06.064000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-09T14:13:59+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7316"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:glibc-main@aarch64",
            "Red Hat Hardened Images:glibc-main@noarch",
            "Red Hat Hardened Images:glibc-main@src",
            "Red Hat Hardened Images:glibc-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions"
    }
  ]
}