Nixpkgs security tracker

Untriaged

Permalink CVE-2023-5156

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year, 3 months ago

Glibc: dos due to memory leak in getaddrinfo.c

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

References

https://access.redhat.com/security/cve/CVE-2023-5156 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2240541 x_transferredissue-trackingx_refsource_REDHAT
https://sourceware.org/bugzilla/show_bug.cgi?id=30884 x_transferred
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebed… x_transferred
http://www.openwall.com/lists/oss-security/2023/10/03/4 x_transferred
http://www.openwall.com/lists/oss-security/2023/10/03/5 x_transferred
http://www.openwall.com/lists/oss-security/2023/10/03/6 x_transferred
http://www.openwall.com/lists/oss-security/2023/10/03/8 x_transferred
https://security.gentoo.org/glsa/202402-01 x_transferred

Affected products

glibc

==2.39

compat-glibc

Matching in nixpkgs

pkgs.glibc

GNU C Library

nixos-unstable 2.40-36

pkgs.iconv

GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.getent

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.locale

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.getconf

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.libiconv

None

nixos-unstable 2.40
- nixpkgs-unstable 2.40
- nixos-unstable-small 2.40

pkgs.glibcInfo

GNU Info manual of the GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibc_multi

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibcLocales

Locale information for the GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.unixtools.getent

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.unixtools.locale

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.unixtools.getconf

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

Package maintainers

@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.glibc

pkgs.iconv

pkgs.getent

pkgs.locale

pkgs.mtrace

pkgs.getconf

pkgs.libiconv

pkgs.glibcInfo

pkgs.glibc_multi

pkgs.glibcLocales

pkgs.glibc_memusage

pkgs.glibcLocalesUtf8

pkgs.unixtools.getent

pkgs.unixtools.locale

pkgs.unixtools.getconf

Package maintainers