UBUNTU-CVE-2023-4806
- Source
- https://ubuntu.com/security/CVE-2023-4806
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-4806.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-4806
- Upstream
- Downstream
- Related
- Published
- 2023-09-18T17:15:00Z
- Modified
- 2025-10-02T05:05:51Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and _nss_getcanonnamer hooks without implementing the nss*gethostbyname3r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AFINET6 address family with AICANONNAME, AIALL and AIV4MAPPED as flags.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / eglibc
Package
- Name
- eglibc
- Purl
- pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.15+esm4?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.17-93ubuntu4
2.18-0ubuntu1
2.18-0ubuntu2
2.18-0ubuntu4
2.18-0ubuntu5
2.18-0ubuntu6
2.18-0ubuntu7
2.19-0ubuntu2
2.19-0ubuntu3
2.19-0ubuntu4
2.19-0ubuntu5
2.19-0ubuntu6
2.19-0ubuntu6.1
2.19-0ubuntu6.3
2.19-0ubuntu6.4
2.19-0ubuntu6.5
2.19-0ubuntu6.6
2.19-0ubuntu6.7
2.19-0ubuntu6.8
2.19-0ubuntu6.9
2.19-0ubuntu6.10
2.19-0ubuntu6.11
2.19-0ubuntu6.13
2.19-0ubuntu6.14
2.19-0ubuntu6.15
2.19-0ubuntu6.15+esm1
2.19-0ubuntu6.15+esm2
2.19-0ubuntu6.15+esm3
2.19-0ubuntu6.15+esm4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "eglibc-source"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc-bin"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc-dev-bin"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-amd64"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-armel"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-dev"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-dev-amd64"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-dev-armel"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-dev-i386"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-dev-x32"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-i386"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-pic"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-prof"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "libc6-x32"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "multiarch-support"
},
{
"binary_version": "2.19-0ubuntu6.15+esm4",
"binary_name": "nscd"
}
],
"priority_reason": "No known NSS modules expose the vulnerability"
}
Ubuntu:Pro:16.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.23-0ubuntu11.3+esm5?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.23-0ubuntu11.3+esm5
Affected versions
2.*
2.21-0ubuntu4
2.21-0ubuntu5
2.21-0ubuntu6
2.23-0ubuntu1
2.23-0ubuntu2
2.23-0ubuntu3
2.23-0ubuntu4
2.23-0ubuntu5
2.23-0ubuntu6
2.23-0ubuntu7
2.23-0ubuntu9
2.23-0ubuntu10
2.23-0ubuntu11
2.23-0ubuntu11.2
2.23-0ubuntu11.3
2.23-0ubuntu11.3+esm1
2.23-0ubuntu11.3+esm2
2.23-0ubuntu11.3+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "glibc-source"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc-bin"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc-dev-bin"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-amd64"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-armel"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-dev"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-dev-amd64"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-dev-armel"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-dev-i386"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-dev-s390"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-dev-x32"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-i386"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-pic"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-s390"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "libc6-x32"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "locales"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "locales-all"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "multiarch-support"
},
{
"binary_version": "2.23-0ubuntu11.3+esm5",
"binary_name": "nscd"
}
],
"priority_reason": "No known NSS modules expose the vulnerability",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:Pro:18.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.27-3ubuntu1.6+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.27-3ubuntu1.6+esm1
Affected versions
2.*
2.26-0ubuntu2
2.26-0ubuntu2.1
2.27-0ubuntu2
2.27-0ubuntu3
2.27-3ubuntu1
2.27-3ubuntu1.2
2.27-3ubuntu1.3
2.27-3ubuntu1.4
2.27-3ubuntu1.5
2.27-3ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "glibc-source"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc-bin"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc-dev-bin"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-amd64"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-armel"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-dev"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-dev-amd64"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-dev-armel"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-dev-i386"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-dev-s390"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-dev-x32"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-i386"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-lse"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-pic"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-s390"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "libc6-x32"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "locales"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "locales-all"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "multiarch-support"
},
{
"binary_version": "2.27-3ubuntu1.6+esm1",
"binary_name": "nscd"
}
],
"priority_reason": "No known NSS modules expose the vulnerability",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:20.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.31-0ubuntu9.14?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.31-0ubuntu9.14
Affected versions
2.*
2.30-0ubuntu2
2.30-0ubuntu3
2.31-0ubuntu5
2.31-0ubuntu6
2.31-0ubuntu7
2.31-0ubuntu9
2.31-0ubuntu9.1
2.31-0ubuntu9.2
2.31-0ubuntu9.3
2.31-0ubuntu9.7
2.31-0ubuntu9.9
2.31-0ubuntu9.12
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "glibc-source"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc-bin"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc-dev-bin"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-amd64"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-armel"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-dev"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-dev-amd64"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-dev-armel"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-dev-i386"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-dev-s390"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-dev-x32"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-i386"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-lse"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-pic"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-prof"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-s390"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "libc6-x32"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "locales"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "locales-all"
},
{
"binary_version": "2.31-0ubuntu9.14",
"binary_name": "nscd"
}
],
"priority_reason": "No known NSS modules expose the vulnerability",
"availability": "No subscription required"
}
Ubuntu:22.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.35-0ubuntu3.5?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.35-0ubuntu3.5
Affected versions
2.*
2.34-0ubuntu3
2.35-0ubuntu1
2.35-0ubuntu3
2.35-0ubuntu3.1
2.35-0ubuntu3.3
2.35-0ubuntu3.4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "glibc-source"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc-bin"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc-dev-bin"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc-devtools"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-amd64"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-dev"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-dev-amd64"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-dev-i386"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-dev-s390"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-dev-x32"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-i386"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-prof"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-s390"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "libc6-x32"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "locales"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "locales-all"
},
{
"binary_version": "2.35-0ubuntu3.5",
"binary_name": "nscd"
}
],
"priority_reason": "No known NSS modules expose the vulnerability",
"availability": "No subscription required"
}