A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
This vulnerability has a CVSS score of 6.5, classified as medium severity. The implications of this vulnerability are significant, as it may lead to information leakage and system instability.
Risk to organizations includes the possibility of unauthorized access to sensitive information and potential system crashes. Given its nature, organizations should prioritize patching immediately.
As of now, there are no known public exploits for this vulnerability in the wild, but it is important to remain vigilant and monitor for any changes in its exploitability status.
Organizations using affected versions of glibc should take immediate action to address this vulnerability.
Vulnerability Details
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
The CVSS score for this vulnerability is 6.5, indicating medium severity. The vulnerability affects multiple versions of glibc, specifically versions starting from 2.36 to less than 2.36.113, as well as 2.37 to less than 2.37.38, and 2.38 to less than 2.38.19.
The affected products include glibc, Red Hat Enterprise Linux, and various CodeReady Linux Builder versions. The flaw was published on September 18, 2023.
Technical Analysis
The root cause of this vulnerability lies in the handling of DNS responses within the getaddrinfo function. The function can be exploited when it processes responses larger than 2048 bytes, potentially leading to a stack overflow and crashes.
The attack vector for this vulnerability is network-based, requiring no user interaction and no privileges. The attack complexity is considered high, as it involves specific configurations for exploitation.
The impacts of successful exploitation could include a loss of confidentiality, as sensitive data may become exposed, and a high availability impact, given that the system may crash.
Risk & Impact Analysis
Real-world deployment risk is significant, as organizations utilizing affected versions may face unauthorized access to sensitive data and system crashes. This vulnerability particularly affects environments configured with specific DNS settings, increasing the blast radius potential.
Organizations should address this issue in their priority patch cycle, given its medium severity and potential impact on business operations.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | Yes |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The following versions of glibc are affected: 2.36 (up to but not including 2.36.113), 2.37 (up to but not including 2.37.38), and 2.38 (up to but not including 2.38.19). Other affected products include various versions of Red Hat Enterprise Linux and CodeReady Linux Builder.
Mitigation & Remediation
Organizations should prioritize patching glibc to versions that have addressed this vulnerability. Specific patches can be found in the Red Hat advisories linked below.
Continuous penetration testing can also help to ensure that the deployment remains secure against similar vulnerabilities.
Detection Guidance
Organizations should monitor logs for unusual DNS requests and analyze system behavior for crashes or unexpected terminations related to the getaddrinfo function.
AppSecure Threat Intelligence Insight
The long-term significance of this vulnerability highlights the ongoing security challenges associated with network protocols and their implementations. It underscores the importance of continuous monitoring and proactive security measures.
Security teams should consider adopting a comprehensive vulnerability management program to identify and remediate similar weaknesses across their systems.
Additionally, organizations should invest in penetration testing to evaluate their defenses against similar vulnerabilities.
This incident serves as a reminder of the critical need for robust security practices and the importance of timely updates to software components.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)