中危 getaddrinfo() 中潜在的释放后使用 (CVE-2023-4806)

CVE编号

CVE-2023-4806

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-09-19
漏洞描述
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
http://www.openwall.com/lists/oss-security/2023/10/03/4
http://www.openwall.com/lists/oss-security/2023/10/03/5
http://www.openwall.com/lists/oss-security/2023/10/03/6
http://www.openwall.com/lists/oss-security/2023/10/03/8
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:7409
https://access.redhat.com/security/cve/CVE-2023-4806
https://bugzilla.redhat.com/show_bug.cgi?id=2237782
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20240125-0008/
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 gnu glibc 2.33 -
运行在以下环境
系统 alibaba_cloud_linux_3 nscd * Up to
(excluding)
2.32-1.12.al8
运行在以下环境
系统 alma_linux_8 nscd * Up to
(excluding)
2.28-225.el8_8.6
运行在以下环境
系统 alma_linux_9 nscd * Up to
(excluding)
2.34-60.el9_2.7
运行在以下环境
系统 amazon_2023 glibc * Up to
(excluding)
2.34-52.amzn2023.0.6
运行在以下环境
系统 anolis_os_23 glibc * Up to
(excluding)
2.36-10
运行在以下环境
系统 anolis_os_8 nscd * Up to
(excluding)
2.28-225.0.4
运行在以下环境
系统 debian_12 glibc * Up to
(excluding)
2.36-9+deb12u3
运行在以下环境
系统 fedora_37 glibc * Up to
(excluding)
2.36-14.fc37
运行在以下环境
系统 fedora_38 glibc * Up to
(excluding)
2.37-10.fc38
运行在以下环境
系统 fedora_39 glibc * Up to
(excluding)
2.38-6.fc39
运行在以下环境
系统 oracle_8 nscd * Up to
(excluding)
2.28-225.0.4.ksplice1.el8_8.6
运行在以下环境
系统 oracle_9 nscd * Up to
(excluding)
2.34-60.0.3.ksplice1.el9_2.7
运行在以下环境
系统 redhat enterprise_linux 7.0 -
运行在以下环境
系统 redhat enterprise_linux 8.0 -
运行在以下环境
系统 redhat enterprise_linux 9.0 -
运行在以下环境
系统 redhat_8 nscd * Up to
(excluding)
2.28-225.el8_8.6
运行在以下环境
系统 redhat_9 nscd * Up to
(excluding)
2.34-60.el9_2.7
运行在以下环境
系统 rocky_linux_8 nscd * Up to
(excluding)
2.28-225.el8_8.6
运行在以下环境
系统 ubuntu_20.04 glibc * Up to
(excluding)
2.31-0ubuntu9.14
运行在以下环境
系统 ubuntu_22.04 glibc * Up to
(excluding)
2.35-0ubuntu3.5
阿里云评分
6.2
  • 攻击路径
    本地
  • 攻击复杂度
    复杂
  • 权限要求
    普通权限
  • 影响范围
    越权影响
  • EXP成熟度
    未验证
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    无影响
  • 服务器危害
    无影响
  • 全网数量
    N/A
CWE-ID 漏洞类型
CWE-416 释放后使用
阿里云安全产品覆盖情况