CVE-2026-4437
gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
Descriptions
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.
SSVC
- Decision:Attend
Timeline
- 2026-03-19 CVE Reserved
- 2026-03-20 CVE Published
- 2026-03-23 CVE Updated
- 2026-05-01 EPSS Updated
CWE
- CWE-125: Out-of-bounds Read
CAPEC
- CAPEC-142: DNS Cache Poisoning
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=34014 | | |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| The GNU C Library | Glibc | >= 2.34 <= 2.43 | Affected |
