CVE 2023-4527
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
Related bugs and status
CVE-2023-4527 (Candidate) is related to these bugs:
Bug #2031909: tinydns: allocation failures with glibc 2.38/s390x
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2031909 | tinydns: allocation failures with glibc 2.38/s390x | djbdns (Ubuntu) | Critical | Fix Released | ||
| 2031909 | tinydns: allocation failures with glibc 2.38/s390x | glibc (Ubuntu) | High | Fix Released | ||
| 2031909 | tinydns: allocation failures with glibc 2.38/s390x | djbdns (Debian) | Unknown | Fix Released | ||
Bug #2032624: mumax3 test suite fails against glibc 2.38
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2032624 | mumax3 test suite fails against glibc 2.38 | mumax3 (Ubuntu) | Critical | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | glibc (Ubuntu) | Medium | Won't Fix | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | nvidia-nccl (Ubuntu) | Undecided | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | cxref (Ubuntu) | Undecided | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | gauche-c-wrapper (Ubuntu) | Undecided | New | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | rocm-hipamd (Ubuntu) | Undecided | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | stdgpu-contrib (Ubuntu) | Undecided | New | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | cbmc (Ubuntu) | Undecided | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | GLibC | Medium | New | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | pyvkfft (Ubuntu) | Undecided | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | Ubuntu | Undecided | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | aspectc++ (Ubuntu) | Undecided | New | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | cbmc (Debian) | Unknown | Confirmed | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | aspectc++ (Debian) | Unknown | New | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | cxref (Debian) | Unknown | Fix Released | ||
| 2032624 | mumax3 test suite fails against glibc 2.38 | rocm-hipamd (Debian) | Unknown | New | ||
Bug #2037516: glibc: CVE-2023-5156: Memory leak in getaddrinfo after fix for CVE-2023-4806
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2037516 | glibc: CVE-2023-5156: Memory leak in getaddrinfo after fix for CVE-2023-4806 | glibc (Ubuntu) | Critical | Fix Released | ||
| 2037516 | glibc: CVE-2023-5156: Memory leak in getaddrinfo after fix for CVE-2023-4806 | glibc (Debian) | Unknown | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
