Nixpkgs security tracker

Untriaged

Permalink CVE-2023-4813

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 11 months, 2 weeks ago

Glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

References

RHSA-2023:5453 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2023:5455 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2023:7409 vendor-advisoryx_transferredx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-4813 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2237798 x_transferredissue-trackingx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2023/10/03/8 x_transferred
https://security.netapp.com/advisory/ntap-20231110-0003/ x_transferred
RHBA-2024:2413 vendor-advisoryx_refsource_REDHAT

Affected products

glibc

==2.36
*

compat-glibc

Matching in nixpkgs

pkgs.glibc

GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.iconv

GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.getent

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.locale

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.getconf

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.libiconv

None

nixos-unstable 2.40
- nixpkgs-unstable 2.40
- nixos-unstable-small 2.40

pkgs.glibcInfo

GNU Info manual of the GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibc_multi

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibcLocales

Locale information for the GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.unixtools.getent

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.unixtools.locale

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

pkgs.unixtools.getconf

None

nixos-unstable 2.40-36
- nixpkgs-unstable 2.40-36
- nixos-unstable-small 2.40-36

Package maintainers

@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.glibc

pkgs.iconv

pkgs.getent

pkgs.locale

pkgs.mtrace

pkgs.getconf

pkgs.libiconv

pkgs.glibcInfo

pkgs.glibc_multi

pkgs.glibcLocales

pkgs.glibc_memusage

pkgs.glibcLocalesUtf8

pkgs.unixtools.getent

pkgs.unixtools.locale

pkgs.unixtools.getconf

Package maintainers