Sign In

CVE-2023-4527

ADVISORY - nist

Summary

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

EPSS Score: 0.00105 (0.292)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-121

Stack-based Buffer Overflow

CWE-125

Out-of-bounds Read

ADVISORY - redhat

CWE-121

Stack-based Buffer Overflow

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in