Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-4527

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months, 1 week ago

Glibc: stack read overflow in getaddrinfo in no-aaaa mode

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

References

http://www.openwall.com/lists/oss-security/2023/09/25/1
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231116-0012/
http://www.openwall.com/lists/oss-security/2023/09/25/1
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231116-0012/
https://security.netapp.com/advisory/ntap-20231116-0012/
http://www.openwall.com/lists/oss-security/2023/09/25/1
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://security.gentoo.org/glsa/202310-03
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231116-0012/
http://www.openwall.com/lists/oss-security/2023/09/25/1
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred
http://www.openwall.com/lists/oss-security/2023/09/25/1
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231116-0012/
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
http://www.openwall.com/lists/oss-security/2023/09/25/1
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231116-0012/
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry
RHBZ#2234712 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2023/09/25/1 x_transferred
RHSA-2023:5453 x_refsource_REDHAT vendor-advisory x_transferred
RHSA-2023:5455 x_refsource_REDHAT vendor-advisory x_transferred
https://access.redhat.com/security/cve/CVE-2023-4527 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2234712 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.gentoo.org/glsa/202310-03 x_transferred
https://security.netapp.com/advisory/ntap-20231116-0012/ x_transferred

Affected products

glibc

compat-glibc

Matching in nixpkgs

pkgs.libc

GNU C Library

nixos-unstable -
- nixpkgs-unstable 2.40-66

pkgs.glibc

GNU C Library

nixos-unstable -
- nixpkgs-unstable 2.40-66

pkgs.iconv

GNU C Library

nixos-unstable -
- nixpkgs-unstable 2.40-66

pkgs.getent

None

nixos-unstable -
- nixpkgs-unstable 2.40-66

pkgs.locale

None

nixos-unstable -
- nixpkgs-unstable 2.40-66

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)