CVE-2023-5156

Glibc: dos due to memory leak in getaddrinfo.c

Description

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

References

Link	Tags
https://access.redhat.com/security/cve/CVE-2023-5156	third party advisory vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2240541	patch issue tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=30884	patch issue tracking
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796	patch mailing list
http://www.openwall.com/lists/oss-security/2023/10/03/4
http://www.openwall.com/lists/oss-security/2023/10/03/5
http://www.openwall.com/lists/oss-security/2023/10/03/6
http://www.openwall.com/lists/oss-security/2023/10/03/8
https://security.gentoo.org/glsa/202402-01

Frequently Asked Questions

What is the severity of CVE-2023-5156?: CVE-2023-5156 has been scored as a high severity vulnerability.
How to fix CVE-2023-5156?: To fix CVE-2023-5156, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-5156 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-5156 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-5156?: CVE-2023-5156 affects Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9.

Description

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions