UBUNTU-CVE-2023-4806
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2023-4806
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-4806.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-4806
- Related
- Published
- 2023-09-18T17:15:00Z
- Modified
- 2023-09-18T17:15:00Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and _nss_getcanonnamer hooks without implementing the nss*gethostbyname3r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AFINET6 address family with AICANONNAME, AIALL and AIV4MAPPED as flags.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / eglibc
Package
- Name
- eglibc
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.17-93ubuntu4
2.18-0ubuntu1
2.18-0ubuntu2
2.18-0ubuntu4
2.18-0ubuntu5
2.18-0ubuntu6
2.18-0ubuntu7
2.19-0ubuntu2
2.19-0ubuntu3
2.19-0ubuntu4
2.19-0ubuntu5
2.19-0ubuntu6
2.19-0ubuntu6.1
2.19-0ubuntu6.3
2.19-0ubuntu6.4
2.19-0ubuntu6.5
2.19-0ubuntu6.6
2.19-0ubuntu6.7
2.19-0ubuntu6.8
2.19-0ubuntu6.9
2.19-0ubuntu6.10
2.19-0ubuntu6.11
2.19-0ubuntu6.13
2.19-0ubuntu6.14
2.19-0ubuntu6.15
2.19-0ubuntu6.15+esm1
2.19-0ubuntu6.15+esm2
2.19-0ubuntu6.15+esm3
Ubuntu:Pro:16.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.23-0ubuntu11.3+esm5?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.23-0ubuntu11.3+esm5
Affected versions
2.*
2.21-0ubuntu4
2.21-0ubuntu5
2.21-0ubuntu6
2.23-0ubuntu1
2.23-0ubuntu2
2.23-0ubuntu3
2.23-0ubuntu4
2.23-0ubuntu5
2.23-0ubuntu6
2.23-0ubuntu7
2.23-0ubuntu9
2.23-0ubuntu10
2.23-0ubuntu11
2.23-0ubuntu11.2
2.23-0ubuntu11.3
2.23-0ubuntu11.3+esm1
2.23-0ubuntu11.3+esm2
2.23-0ubuntu11.3+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "low",
"binaries": [
{
"libc6-s390-dbgsym": "2.23-0ubuntu11.3+esm5",
"libc6-dev": "2.23-0ubuntu11.3+esm5",
"libc6-udeb-dbgsym": "2.23-0ubuntu11.3+esm5",
"multiarch-support": "2.23-0ubuntu11.3+esm5",
"libc6-dev-s390": "2.23-0ubuntu11.3+esm5",
"libc6-dev-i386": "2.23-0ubuntu11.3+esm5",
"locales-all": "2.23-0ubuntu11.3+esm5",
"libc6-amd64-dbgsym": "2.23-0ubuntu11.3+esm5",
"glibc-source": "2.23-0ubuntu11.3+esm5",
"libc6-dev-amd64": "2.23-0ubuntu11.3+esm5",
"libc6-pic": "2.23-0ubuntu11.3+esm5",
"nscd-dbgsym": "2.23-0ubuntu11.3+esm5",
"nscd": "2.23-0ubuntu11.3+esm5",
"glibc-doc": "2.23-0ubuntu11.3+esm5",
"libc6-armel": "2.23-0ubuntu11.3+esm5",
"libc6-dbg": "2.23-0ubuntu11.3+esm5",
"libc6": "2.23-0ubuntu11.3+esm5",
"libc6-armel-dbgsym": "2.23-0ubuntu11.3+esm5",
"libc-bin": "2.23-0ubuntu11.3+esm5",
"libc6-i386": "2.23-0ubuntu11.3+esm5",
"libc6-udeb": "2.23-0ubuntu11.3+esm5",
"libc6-dev-x32": "2.23-0ubuntu11.3+esm5",
"libc-bin-dbgsym": "2.23-0ubuntu11.3+esm5",
"libc-dev-bin": "2.23-0ubuntu11.3+esm5",
"libc6-amd64": "2.23-0ubuntu11.3+esm5",
"libc6-x32": "2.23-0ubuntu11.3+esm5",
"libc6-dbgsym": "2.23-0ubuntu11.3+esm5",
"libc6-s390": "2.23-0ubuntu11.3+esm5",
"libc6-dev-armel": "2.23-0ubuntu11.3+esm5",
"libc6-i386-dbgsym": "2.23-0ubuntu11.3+esm5",
"locales": "2.23-0ubuntu11.3+esm5",
"libc-dev-bin-dbgsym": "2.23-0ubuntu11.3+esm5",
"libc6-x32-dbgsym": "2.23-0ubuntu11.3+esm5"
}
],
"priority_reason": "No known NSS modules expose the vulnerability"
}
Ubuntu:Pro:18.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.27-3ubuntu1.6+esm1?arch=src?distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.27-3ubuntu1.6+esm1
Affected versions
2.*
2.26-0ubuntu2
2.26-0ubuntu2.1
2.27-0ubuntu2
2.27-0ubuntu3
2.27-3ubuntu1
2.27-3ubuntu1.2
2.27-3ubuntu1.3
2.27-3ubuntu1.4
2.27-3ubuntu1.5
2.27-3ubuntu1.6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "low",
"binaries": [
{
"libc6-s390-dbgsym": "2.27-3ubuntu1.6+esm1",
"libc6-dev": "2.27-3ubuntu1.6+esm1",
"multiarch-support": "2.27-3ubuntu1.6+esm1",
"libc6-dev-s390": "2.27-3ubuntu1.6+esm1",
"libc6-dev-i386": "2.27-3ubuntu1.6+esm1",
"locales-all": "2.27-3ubuntu1.6+esm1",
"libc6-amd64-dbgsym": "2.27-3ubuntu1.6+esm1",
"libc6-pic": "2.27-3ubuntu1.6+esm1",
"glibc-source": "2.27-3ubuntu1.6+esm1",
"libc6-dev-amd64": "2.27-3ubuntu1.6+esm1",
"nscd-dbgsym": "2.27-3ubuntu1.6+esm1",
"nscd": "2.27-3ubuntu1.6+esm1",
"glibc-doc": "2.27-3ubuntu1.6+esm1",
"libc6-armel": "2.27-3ubuntu1.6+esm1",
"libc6-armel-dbgsym": "2.27-3ubuntu1.6+esm1",
"libc6": "2.27-3ubuntu1.6+esm1",
"libc6-dbg": "2.27-3ubuntu1.6+esm1",
"libc-bin": "2.27-3ubuntu1.6+esm1",
"libc6-i386": "2.27-3ubuntu1.6+esm1",
"libc6-udeb": "2.27-3ubuntu1.6+esm1",
"libc6-dev-x32": "2.27-3ubuntu1.6+esm1",
"libc-bin-dbgsym": "2.27-3ubuntu1.6+esm1",
"libc-dev-bin": "2.27-3ubuntu1.6+esm1",
"libc6-amd64": "2.27-3ubuntu1.6+esm1",
"libc6-x32": "2.27-3ubuntu1.6+esm1",
"libc6-s390": "2.27-3ubuntu1.6+esm1",
"libc6-dev-armel": "2.27-3ubuntu1.6+esm1",
"libc6-i386-dbgsym": "2.27-3ubuntu1.6+esm1",
"locales": "2.27-3ubuntu1.6+esm1",
"libc6-lse": "2.27-3ubuntu1.6+esm1",
"libc-dev-bin-dbgsym": "2.27-3ubuntu1.6+esm1",
"libc6-x32-dbgsym": "2.27-3ubuntu1.6+esm1"
}
],
"priority_reason": "No known NSS modules expose the vulnerability"
}
Ubuntu:20.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.31-0ubuntu9.14?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.31-0ubuntu9.14
Affected versions
2.*
2.30-0ubuntu2
2.30-0ubuntu3
2.31-0ubuntu5
2.31-0ubuntu6
2.31-0ubuntu7
2.31-0ubuntu9
2.31-0ubuntu9.1
2.31-0ubuntu9.2
2.31-0ubuntu9.3
2.31-0ubuntu9.7
2.31-0ubuntu9.9
2.31-0ubuntu9.12
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libc6-s390-dbgsym": "2.31-0ubuntu9.14",
"libc6-dev": "2.31-0ubuntu9.14",
"libc6-dev-s390": "2.31-0ubuntu9.14",
"libc6-dev-i386": "2.31-0ubuntu9.14",
"locales-all": "2.31-0ubuntu9.14",
"libc6-amd64-dbgsym": "2.31-0ubuntu9.14",
"libc6-pic": "2.31-0ubuntu9.14",
"glibc-source": "2.31-0ubuntu9.14",
"libc6-dev-amd64": "2.31-0ubuntu9.14",
"nscd-dbgsym": "2.31-0ubuntu9.14",
"nscd": "2.31-0ubuntu9.14",
"glibc-doc": "2.31-0ubuntu9.14",
"libc6-armel": "2.31-0ubuntu9.14",
"libc6-armel-dbgsym": "2.31-0ubuntu9.14",
"libc6": "2.31-0ubuntu9.14",
"libc6-dbg": "2.31-0ubuntu9.14",
"libc-bin": "2.31-0ubuntu9.14",
"libc6-i386": "2.31-0ubuntu9.14",
"libc6-udeb": "2.31-0ubuntu9.14",
"libc6-dev-x32": "2.31-0ubuntu9.14",
"libc-bin-dbgsym": "2.31-0ubuntu9.14",
"libc-dev-bin": "2.31-0ubuntu9.14",
"libc6-amd64": "2.31-0ubuntu9.14",
"libc6-x32": "2.31-0ubuntu9.14",
"libc6-prof": "2.31-0ubuntu9.14",
"libc6-s390": "2.31-0ubuntu9.14",
"libc6-dev-armel": "2.31-0ubuntu9.14",
"libc6-i386-dbgsym": "2.31-0ubuntu9.14",
"locales": "2.31-0ubuntu9.14",
"libc6-lse": "2.31-0ubuntu9.14",
"libc-dev-bin-dbgsym": "2.31-0ubuntu9.14",
"libc6-x32-dbgsym": "2.31-0ubuntu9.14"
}
],
"priority_reason": "No known NSS modules expose the vulnerability"
}
Ubuntu:22.04:LTS / glibc
Package
- Name
- glibc
- Purl
- pkg:deb/ubuntu/glibc@2.35-0ubuntu3.5?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.35-0ubuntu3.5
Affected versions
2.*
2.34-0ubuntu3
2.35-0ubuntu1
2.35-0ubuntu3
2.35-0ubuntu3.1
2.35-0ubuntu3.3
2.35-0ubuntu3.4
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libc6-s390-dbgsym": "2.35-0ubuntu3.5",
"libc6-dev": "2.35-0ubuntu3.5",
"libc6-dev-s390": "2.35-0ubuntu3.5",
"libc6-dev-i386": "2.35-0ubuntu3.5",
"locales-all": "2.35-0ubuntu3.5",
"libc6-amd64-dbgsym": "2.35-0ubuntu3.5",
"glibc-source": "2.35-0ubuntu3.5",
"libc6-dev-amd64": "2.35-0ubuntu3.5",
"nscd-dbgsym": "2.35-0ubuntu3.5",
"nscd": "2.35-0ubuntu3.5",
"glibc-doc": "2.35-0ubuntu3.5",
"libc6-dbg": "2.35-0ubuntu3.5",
"libc6": "2.35-0ubuntu3.5",
"libc-bin": "2.35-0ubuntu3.5",
"libc6-i386": "2.35-0ubuntu3.5",
"libc6-dev-x32": "2.35-0ubuntu3.5",
"libc-bin-dbgsym": "2.35-0ubuntu3.5",
"libc-dev-bin": "2.35-0ubuntu3.5",
"libc6-amd64": "2.35-0ubuntu3.5",
"libc6-x32": "2.35-0ubuntu3.5",
"libc6-prof": "2.35-0ubuntu3.5",
"libc-devtools": "2.35-0ubuntu3.5",
"libc-devtools-dbgsym": "2.35-0ubuntu3.5",
"libc6-s390": "2.35-0ubuntu3.5",
"libc6-i386-dbgsym": "2.35-0ubuntu3.5",
"locales": "2.35-0ubuntu3.5",
"libc-dev-bin-dbgsym": "2.35-0ubuntu3.5",
"libc6-x32-dbgsym": "2.35-0ubuntu3.5"
}
],
"priority_reason": "No known NSS modules expose the vulnerability"
}