Use After Free Affecting glibc-utils package, versions <0:2.28-225.el8_8.6


Severity

Recommended
high

Based on AlmaLinux security rating.

Threat Intelligence

EPSS
1.66% (74th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALMALINUX8-GLIBCUTILS-5948621
  • published7 Oct 2023
  • disclosed5 Oct 2023

Introduced: 5 Oct 2023

CVE-2023-4813  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade AlmaLinux:8 glibc-utils to version 0:2.28-225.el8_8.6 or higher.
This issue was patched in ALSA-2023:5455.

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-utils package and not the glibc-utils package as distributed by AlmaLinux. See How to fix? for AlmaLinux:8 relevant fixed versions and status.

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

CVSS Base Scores

version 3.1