Fluid Attacks Database

Description

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	glibc	=2.36-9 \|\| =2.36-9+deb12u1 \|\| =2.36-9+deb12u2 \|\| >=0 <2.36-9+deb12u3	2.36-9+deb12u3
debian 13	glibc	>=0 <2.37-9	2.37-9
debian 14	glibc	>=0 <2.37-9	2.37-9
rpm rhel9	glibc	<0:2.34-60.el9_2.7	0:2.34-60.el9_2.7
rpm rhel8	glibc	<0:2.28-225.el8_8.6	0:2.28-225.el8_8.6

Aliases

1. CVE-2023-45272. NVD-2023-45273. OSV-DEBIAN-2023-45274. OSV-2023-45275. SECURITY-TRACKER-CVE-2023-4527